Reset web account password #80

Open
opened 2023-03-06 15:12:53 +01:00 by whirigoyen · 2 comments
Owner

The web interface should allow a user to reset an account password.

Reset seems easier to implement (no form) and avoids all the tests of the strength of the password provided by the user.

Owner

If we are doing this, we should almost certainly do three things (which we should already do on account creation when no password is provided, but we don't):

  1. Make the generated password much longer (honestly, as it should be a single-use password until the end user changes it, it should probably be long, as in 32 characters at least).
  2. Make the generated password single use by forcing a password change on first login (there really aren't any major SSH clients that do not support the demand to change password on login anyways). (`passwd -e` or equivalent)
  3. Warn that this password is single use and will need to be changed on first login.

~~(Should we also add a line advising them to use a password manager if they don't already?)~~

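The three steps proposed in the comment above, written as a shell example added here (it is not evoadmin-web code). The function names `gen_password` and `reset_password` are hypothetical, and it assumes a Linux host with `chpasswd` from the shadow tools, run as root.

```shell
#!/bin/sh
# Added example: generate a long random password, set it, expire it at once,
# and tell the user it is single use. Function names are hypothetical.

# Print a random password of $1 characters (default 32) drawn from [A-Za-z0-9].
# Bytes outside the alphabet are discarded, so every character is equally likely.
gen_password() (
    len="${1:-32}"
    pw=""
    while [ "${#pw}" -lt "$len" ]; do
        # LC_ALL=C makes tr work on raw bytes instead of locale characters.
        pw="${pw}$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s' "$pw" | cut -c "1-$len"
)

# Reset the password of account $1 and print the temporary value once.
reset_password() (
    user="$1"
    id "$user" >/dev/null 2>&1 || { echo "unknown user: $user" >&2; exit 1; }

    # Step 1: 32 characters, as suggested in the comment.
    pw="$(gen_password 32)"

    # chpasswd reads "user:password" on stdin, so the secret is never
    # passed as a command-line argument of an external process.
    printf '%s:%s\n' "$user" "$pw" | chpasswd || exit 1

    # Step 2: expire the password immediately; the next login must change it.
    passwd -e "$user" >/dev/null || exit 1

    # Step 3: warn the user that the password is single use.
    printf 'Temporary password for %s: %s\n' "$user" "$pw"
    printf 'This password is single use: you must change it at first login.\n'
)
```

If `passwd -e` fails after `chpasswd` succeeded, the function exits without printing the password, so a non-expiring temporary password is never handed out.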
mtrossevin added the
Feature
label 2023-11-22 16:40:45 +01:00
Author
Owner

I agree with these propositions, I think you should open a separate ticket to improve the general mechanisms of the passwords?

Reference: evolix/evoadmin-web#80