Feature #2039
openGenerate strong passwords
0%
Description
Hi,
I use redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.
I feel concerned about the quality of the user's passwords.
I would be useful is redmine can generate such strong passwords when a new user signs-in and send it back its password by email. No giving the user choice of it's password. No letting him change it after. If the user forget its password, lost the email or didn't register it in it's browser passwords manager, a simple link will send him a new password by email.
Related issues
Updated by Eric Davis about 16 years ago
Pierre Yager wrote:
I use redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.
I feel concerned about the quality of the user's passwords.
I would be useful is redmine can generate such strong passwords when a new user signs-in and send it back its password by email.
Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?
I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)
Updated by Pierre Yager about 16 years ago
I would be useful is redmine can generate such strong passwords when a new user signs-in and send it back its password by email.
Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?
I'm pretty sure that System Generated Passwords, even when mailed in plain text, are generally safer than bad user made (or worst too much reused) passwords.
I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)
Sure, that would be a very nice improvement. As I'm not able to do this by myself I will be happy with any kind of improvement that will be done in this area. I just though that using something like pwgen or any ruby implementation would be simpler than writing a password-strenght-o-meter.
Updated by Toshi MARUYAMA almost 14 years ago
- Category set to Accounts / authentication
Updated by Daniel Felix about 12 years ago
Well, it would be quite useful to add a button "generate password" in the userregistration (administration -> users).
This way, the admin has the abbility to generate secure passwords, without knowing the user password.