Feature #2039
open
Generate strong passwords
0%
Description
Hi,
I use Redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.
I feel concerned about the quality of the users' passwords.
It would be useful if Redmine could generate such strong passwords when a new user signs in and send the password back to him by email. Not giving the user a choice of his password. Not letting him change it afterwards. If the user forgets his password, loses the email or didn't register it in his browser's password manager, a simple link will send him a new password by email.
Updated by Eric Davis about 16 years ago
Pierre Yager wrote:
> I use Redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.
> I feel concerned about the quality of the users' passwords.
> It would be useful if Redmine could generate such strong passwords when a new user signs in and send the password back to him by email.
Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?
I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)
Updated by Pierre Yager about 16 years ago
>> It would be useful if Redmine could generate such strong passwords when a new user signs in and send the password back to him by email.
> Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?
I'm pretty sure that system-generated passwords, even when mailed in plain text, are generally safer than bad user-made (or worse, too much reused) passwords.
> I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)
Sure, that would be a very nice improvement. As I'm not able to do this by myself, I will be happy with any kind of improvement that will be done in this area. I just thought that using something like pwgen or any Ruby implementation would be simpler than writing a password-strength-o-meter.
Updated by Toshi MARUYAMA over 13 years ago
- Category set to Accounts / authentication
Updated by Daniel Felix about 12 years ago
Well, it would be quite useful to add a "generate password" button in the user registration (administration -> users).
This way, the admin has the ability to generate secure passwords, without knowing the user password.
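The two ideas discussed in this thread (a pwgen-style generator and an administrator-selected minimum strength level) can be sketched in Ruby as follows. This is an added example, not Redmine code: the method names, the character sets and the length/class thresholds behind `none`/`low`/`medium`/`high` are assumptions chosen for illustration, and it does not address the email delivery concern raised above.

```ruby
require 'securerandom'

# Character classes for generated passwords. Look-alike characters
# (0/O, 1/l/I) are left out because the password may be read and retyped.
CLASSES = {
  lower:  'abcdefghijkmnopqrstuvwxyz'.chars,
  upper:  'ABCDEFGHJKLMNPQRSTUVWXYZ'.chars,
  digit:  '23456789'.chars,
  symbol: '!#$%&*+-=?@'.chars
}.freeze
ALPHABET = CLASSES.values.flatten.freeze

# Assumed thresholds for the levels named in the thread:
# level => [minimum length, minimum number of character classes].
LEVELS = { none: [0, 0], low: [8, 2], medium: [10, 3], high: [14, 4] }.freeze

# Uniform pick from the OS CSPRNG; random_number(n) has no modulo bias.
def pick(chars)
  chars[SecureRandom.random_number(chars.size)]
end

# Generate a password that contains at least one character of every class.
def generate_password(length = 16)
  raise ArgumentError, "length must be >= #{CLASSES.size}" if length < CLASSES.size

  chars = CLASSES.values.map { |set| pick(set) }     # one of each class
  chars << pick(ALPHABET) while chars.size < length  # fill the remainder
  # Fisher-Yates shuffle driven by the CSPRNG, so the guaranteed
  # characters do not sit in predictable positions.
  (chars.size - 1).downto(1) do |i|
    j = SecureRandom.random_number(i + 1)
    chars[i], chars[j] = chars[j], chars[i]
  end
  chars.join
end

# Check a user-chosen password against the administrator's minimum level.
def meets_level?(password, level)
  min_len, min_classes = LEVELS.fetch(level)
  used = [/[a-z]/, /[A-Z]/, /\d/, /[^a-zA-Z\d]/].count { |re| password.match?(re) }
  password.length >= min_len && used >= min_classes
end
```

A length-and-class rule like `meets_level?` is only a coarse filter: it cannot tell a reused or dictionary-based password from a random one, which is the gap the generated-password approach closes.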