Moodle

Hard to understand password policy when users self create accounts

Details

  • Type: Bug
  • Status: Closed
  • Priority: Minor
  • Resolution: Cannot Reproduce
  • Affects Version/s: 1.9.3
  • Fix Version/s: 1.9.6
  • Component/s: Authentication, Usability
  • Labels:
    None
  • Difficulty:
    Easy
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE

Description

If a password policy is set, users on the Moodle signup page are prompted when a non-compliant password is entered.

Unfortunately, Moodle checks each policy one at a time, so if the password policy is slightly more complex than a simple total length, users are guided through a frustrating process of guessing policies, for example:

  • a user signing up enters a password
  • Moodle checks the password length and, if the password is too short, warns the user that the password is too short
  • the user re-enters the password, according to length
  • Moodle checks if the password contains the required digits and, if the password is not compliant, warns the user that the password does not contain the required number of digits
  • the user re-enters the password, according to length and number of digits
  • Moodle checks if the password contains the required lower letters and, if the password is not compliant, warns the user that the password does not contain the required number of lower letters
  • the user re-enters the password, according to length, number of digits and number of lower letters
  • Moodle checks if the password contains the required upper letters and, if the password is not compliant, warns the user that the password does not contain the required number of upper letters
  • the user re-enters the password, according to length, number of digits, number of lower letters and number of upper letters
    .......
    .......

This frustrating process could be easily avoided by making the password policy clear on the sign up page.

Activity

Petr Škoda (skodak) added a comment -

Please no more "Fix 1.9.4", we are very close to the release - only serious regressions will be fixed

thanks for the report!

Helen Foster added a comment -

Andrea, thanks for your report.

+1 from me for making the password policy clear from the beginning.

As well as being used on the sign-up page, the password policy can also be applied to enrolment keys, so the policy needs to be made clear there too.

Reassigning to Eloy for consideration.

Alberto J Varela added a comment -

I am unable to replicate the problem in 1.9.4: the password policy is clear from the beginning when I try to sign up a new user. I made sure that the password policy was set, and it gave me all the errors at once.

Has it been fixed already?

Richard added a comment -

Hello - I have a workaround that you can implement in the meantime to overcome this issue until a proper fix is released.

1: In the file moodle/lang/en-utf8/moodle.php, go to line number 1172, which reads:
$string['password'] = 'Password';

2: Add the following in a new line underneath it (change the specifics accordingly for your own password setup):
$string['password2'] = 'Password*<br/>Must be 8 characters long';

3: In the file moodle/login/signup_form.php, go to line 19, which reads:
$mform->addElement('passwordunmask', 'password', get_string('password'), 'maxlength="32" size="12"');

4: Change this line to:
$mform->addElement('passwordunmask', 'password', get_string('password2'), 'maxlength="32" size="12"');

Martin Dougiamas added a comment -

I can't see any changes recently, but I tried this on the latest 1.9 and it printed all the rules at once.

Passwords must be at least 8 characters long.
Passwords must have at least 1 digit(s).
Passwords must have at least 1 upper case letter(s).
Passwords must have at least 1 non-alphanumeric character(s).

So I'm closing this bug.
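
The difference between the one-rule-per-attempt behaviour in the description and the all-rules-at-once output quoted above, as an added PHP example that is not Moodle's code. The policy keys, function names, sample password and the lower case message are assumptions made for illustration; the other messages follow the wording quoted in this issue.

```php
<?php
// Added example, not Moodle's code. Policy keys and function names are hypothetical.

// Constructed sample policy covering the rule types discussed in this issue.
$policy = array(
    'minlength'   => 8,
    'mindigits'   => 1,
    'minlower'    => 1,
    'minupper'    => 1,
    'minnonalnum' => 1,
);

// One message per rule; printing this list beside the password field states
// the policy before the user types anything.
function policy_rules(array $policy) {
    return array(
        'minlength'   => "Passwords must be at least {$policy['minlength']} characters long.",
        'mindigits'   => "Passwords must have at least {$policy['mindigits']} digit(s).",
        'minlower'    => "Passwords must have at least {$policy['minlower']} lower case letter(s).",
        'minupper'    => "Passwords must have at least {$policy['minupper']} upper case letter(s).",
        'minnonalnum' => "Passwords must have at least {$policy['minnonalnum']} non-alphanumeric character(s).",
    );
}

// Returns the messages for unmet rules. With $failfast = true it stops at the
// first unmet rule, which is the one-rule-per-attempt behaviour reported above.
function policy_violations(array $policy, $password, $failfast = false) {
    $counts = array(
        'minlength'   => strlen($password), // bytes; use a multibyte-aware length for UTF-8
        'mindigits'   => preg_match_all('/[0-9]/', $password, $m),
        'minlower'    => preg_match_all('/[a-z]/', $password, $m),
        'minupper'    => preg_match_all('/[A-Z]/', $password, $m),
        'minnonalnum' => preg_match_all('/[^a-zA-Z0-9]/', $password, $m),
    );
    $rules  = policy_rules($policy);
    $errors = array();
    foreach ($policy as $rule => $minimum) {
        if ($counts[$rule] < $minimum) {
            $errors[] = $rules[$rule];
            if ($failfast) { break; }
        }
    }
    return $errors;
}

$attempt = 'abc'; // constructed sample input
echo "Fail-fast:\n  " . implode("\n  ", policy_violations($policy, $attempt, true)) . "\n";
echo "All at once:\n  " . implode("\n  ", policy_violations($policy, $attempt)) . "\n";
```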

Andrea Bicciolo added a comment -

That's good. Thanks!

