Feature #4370

Expire passwords on accounts created by administrators

Added by Colan Schwartz over 10 years ago. Updated over 5 years ago.

Status:ClosedStart date:2009-12-09
Priority:NormalDue date:
Assignee:-% Done:


Category:Accounts / authentication
Target version:-


When a user account is created by an administrator, a plain-text password is sent over the network. Users should be forced to change their passwords in this situation, but there is currently no means by which to enforce this.

The standard way to enforce this is to expire user passwords when they first log into the system so that they must change their passwords. This way, if anyone else digs up a user's initial password later and tries to use it, it will be useless.


#1 Updated by @ go2null over 5 years ago

Duplicate of Feature #1391 Ability to force user to change password

#2 Updated by Colan Schwartz over 5 years ago

  • Status changed from New to Resolved

#3 Updated by Jean-Philippe Lang over 5 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Duplicate

Yes, the feature was added in 2.4.

Also available in: Atom PDF