-
Improvement
-
Resolution: Won't Do
-
Minor
-
None
-
2.4
-
MOODLE_24_STABLE
We are using Moodle feature to automatically generate and email passwords for new accounts. These passwords are randomly generated with all ascii printable chars at the length of 10.
While these password provide enough complexity to be hard to guess, they are also:
- extremly difficult to remember
- very difficult to enter on a national keyboard in case of non-alphanumeric characters
as a result, these passwords are changed at first opportunity by users to passwords that are significantly simpler, but only little easier to remember.
I would propose to use generation from approx. 4 random words from dictionary in language of choice. Such approach to passwords is outlined for example here:
http://blog.shay.co/password-entropy
This would result in that users would actually have a chance of having usable and secure passwords.
- will be (partly) resolved by
-
MDL-23692 Change Forgotten Username or Password process
- Closed