Moodle / MDL-20949

Password policy requirements should be displayed on signup page

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.6
    • Fix Version/s: 1.9.8
    • Component/s: Usability
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE
    • Rank:
      36414

      Description

      As suggested by Mark Rooney:

      Seriously, you must be Austrians, not Australians, based on the maddeningly convoluted conventions for the username and password. Please tell me the conventions once and for all for both username and password so that I can pass them along to my students in order to spare them the experience of only having each rule of naming revealed one at a time.

      A suggestion is to list the conventions where a first time user can see them PRIOR to attempting to create a username and password.

      1. 20091125_MDL20949_passwordpolicy.patch
        4 kB
        Rossiani Wijaya
      2. 20091130_MDL20949_passwordpolicy.patch
        2 kB
        Rossiani Wijaya
      1. andrew_after.gif
        6 kB

        Issue Links

          Activity

          Helen Foster added a comment - - edited

          How about on signup.php in the 'Choose your username and password' box:

          Your password must be at least p character(s) long and must contain at least q digit(s), r lower case letter(s), s upper case letter(s) and t non-alphanumeric character(s).

          (where p, q, r, s, t are taken from the password policy)

          Rossiani Wijaya added a comment -

          Hi Helen,

          I created a new function in weblib to print out the password policy. The policy is printed out on the sign-up, change password, and update profile pages.

          Please download the patch to apply the update.

          Thanks
          Rosie

          Eloy Lafuente (stronk7) added a comment - - edited

          Hi Rosie,

          the patch looks ok:

          1) it shows password policy message in the signup, in the change password and in the user edit-advanced pages. Ok IMO.
          2) it uses a central function print_password_policy() to dynamically create message contents. Perfect.

          Anyway, I've been talking with Helen a bit about the contents of the message to be shown and we have agreed that, perhaps, showing the "error messages" isn't the best alternative.

          So we have thought something like this:

          1) Create, for each errorXXXX string one parallel informXXXXX string
          2) Concatenate all the informXXXX strings in 1 (exactly as is now being done with the errorXXX strings) (with commas?)
          3) Create another string, call it, "informpasswordpolicy" with contents: "Your password must have $a"
          4) Pass the results of 2 as parameter to 3

          That's all, the resulting string in 4) will be the one to be printed. That way we keep error/notification strings separated and can handle them to be more human-natural readable.

          Once done, the idea is to commit it next Wednesday (after next weekly build), so Helen will have one week to test it / adjust the strings...

          Thanks and ciao
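
The four steps listed above, as an added sketch that is not part of this thread or of Moodle's code: one set of thresholds feeds both the informational sentence and the validation, so the displayed rules cannot drift from the enforced ones. All constant and function names, the threshold values and the error wording are constructed for illustration.

```php
<?php
// Added illustration, not Moodle's code: every name below is hypothetical and the
// thresholds and strings are constructed. The keys stand in for p, q, r, s, t.
const POLICY = ['length' => 8, 'digits' => 1, 'lower' => 1, 'upper' => 1, 'nonalphanum' => 0];

// Step 1: each rule has an error string and a parallel inform string ($a = threshold).
const STRINGS = [
    'length'      => ['error' => 'Password is shorter than $a character(s).', 'inform' => 'at least $a character(s)'],
    'digits'      => ['error' => 'Password has fewer than $a digit(s).', 'inform' => 'at least $a digit(s)'],
    'lower'       => ['error' => 'Password has fewer than $a lower case letter(s).', 'inform' => 'at least $a lower case letter(s)'],
    'upper'       => ['error' => 'Password has fewer than $a upper case letter(s).', 'inform' => 'at least $a upper case letter(s)'],
    'nonalphanum' => ['error' => 'Password has fewer than $a non-alphanumeric character(s).', 'inform' => 'at least $a non-alphanumeric character(s)'],
];
const WRAPPER = 'Your password must have $a';   // step 3: the "informpasswordpolicy" string

// ASCII-only, byte-based counting keeps the sketch short; real code needs multibyte-aware checks.
const PATTERNS = ['length' => '/./s', 'digits' => '/[0-9]/', 'lower' => '/[a-z]/', 'upper' => '/[A-Z]/', 'nonalphanum' => '/[^A-Za-z0-9]/'];

function inform_password_policy(): string {
    $parts = [];
    foreach (POLICY as $rule => $min) {
        if ($min > 0) {   // a rule set to 0 is not enforced, so it is not advertised
            $parts[] = str_replace('$a', (string) $min, STRINGS[$rule]['inform']);
        }
    }
    // Steps 2 and 4: join the inform strings and pass the result to the wrapper as $a.
    return str_replace('$a', implode(', ', $parts), WRAPPER);
}

function password_policy_errors(string $password): array {
    $errors = [];
    foreach (POLICY as $rule => $min) {
        // Inclusive comparison: exactly $min occurrences satisfies "at least $min".
        if (preg_match_all(PATTERNS[$rule], $password) < $min) {
            $errors[] = str_replace('$a', (string) $min, STRINGS[$rule]['error']);
        }
    }
    return $errors;
}

echo inform_password_policy(), PHP_EOL;
print_r(password_policy_errors('abcdefg1'));   // constructed input: no upper case letter
print_r(password_policy_errors('Abcdefg1'));   // constructed input: meets every enforced rule
```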

          Rossiani Wijaya added a comment -

          Hi Eloy - I made changes according to your suggestion. Please take a look and let me know if it needs any changes.

          Thanks
          Rosie

          Rossiani Wijaya added a comment -

          Hi Eloy,

          When you have a chance, could you take a look at my latest patch?

          Thanks

          Eloy Lafuente (stronk7) added a comment -

          Hi Rosie,

          looks perfect IMO. So +1 for it (tomorrow, today is weekly review day).

          Thanks!

          Helen Foster added a comment -

          Hi Rosie, thanks for checking this improvement into 1.9.7+

          I've looked at the signup, change password and user editadvanced pages, and tried changing the password policy. Everything looks perfect, apart from a very small thing: When an admin edits a user's profile (editadvanced page) it seems weird to state 'Your password must have...' since the password doesn't belong to them. How about changing the lang string informpasswordpolicy to 'The password must have $a' (replacing the word 'Your' with 'The').

          David Mudrak added a comment -

          This seems to be finished and Helen's last comment already implemented. I just fixed some minor issues, mainly coding guidelines and mform integration - see the linked issue for details. IMO can be resolved and closed. Thanks Rossie

          Rossiani Wijaya added a comment -

          Thanks David for the update.

          resolved.

          Andrew Davis added a comment - - edited

          I started QA'ing this before I noticed that Helen is listed as the QA person. I have some suggestions to make it more user friendly.

          Is there a better way to present that information than concatenating it into a big long sentence? I'm doubtful that people will bother to read it and that they'll comprehend it if they try. I've attached a screenshot that just shows the same information in a list so it's at least broken into bite-sized chunks. There has to be a better way than a block of text.

          What about using the greater than symbol (>) to make it quicker to read?
          >8 characters
          >2 numbers
          etc

          Can we say "at least 1 number" instead of "at least 1 digit"? Digit isn't a commonly used word. Any proficient English speaker will know the word "number" but not necessarily the word "digit" even though it is technically correct.

          Provide singular and plural versions of the messages or maybe just remove the brackets around the s's at the end of the conditions.
          Outputting the following based on whether it's 1 or >1 would be ideal.
          "At least 1 lower case letter"
          "At least 3 lower case letters"

          "At least 1 lower case letters" is grammatically questionable but having brackets there pulls your eye to something unimportant, i.e. the letter s.

          Rossiani Wijaya added a comment -

          In my opinion, it would be easier for the user to understand if the policy is displayed in words, instead of symbols '>'.
          With >8 characters the user might understand it as at least 8 characters instead of 9.

          If the password is invalid, the error message will display in a similar style to Andrew's screenshot.

          David Mudrak added a comment -

          I agree with Rossiani. Displaying this as a list consumes too much screen space. One long sentence is IMO ok - they will get the error anyway if they break the rules. What I would personally like to see is a sort of JavaScript progress bar next to the field, showing from red (weak unacceptable password) to the full green (strong password meeting all criteria). JavaScript would update the progress bar while the user is typing the password. Once one rule is met, the progress bar moves one step towards the full requirements.

          Plural forms are a long story. See http://docs.moodle.org/en/Development:Languages for the proposal to deal with them in Moodle 2.0 once and forever. In the Czech language pack, for example, I translated this using the following: "minimal number of capital letters: $a->capitals, minimal number of digits: $a->digits" etc.

          Helen Foster added a comment -

          Andrew, thanks for your comments. However, I'm in agreement with Rosie and David. From my experience teaching maths, it seems lots of people have difficulty understanding the symbols < and > so I'd always recommend using words.

          Helen Foster added a comment -

          Rosie, thanks for implementing this improvement - it's really helpful.

          Sean Keogh added a comment -

          Has this been included in the weekly release yet?

          Helen Foster added a comment -

          Sean, as far as I know, it was included in the 20100113 weekly build.

