Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37866

improve usability of randomly generated passwords (ie. in cron for new accounts)

    XMLWordPrintable

    Details

    • Affected Branches:
      MOODLE_24_STABLE

      Description

      We are using Moodle feature to automatically generate and email passwords for new accounts. These passwords are randomly generated with all ascii printable chars at the length of 10.
      While these password provide enough complexity to be hard to guess, they are also:

      • extremly difficult to remember
      • very difficult to enter on a national keyboard in case of non-alphanumeric characters
        as a result, these passwords are changed at first opportunity by users to passwords that are significantly simpler, but only little easier to remember.

      I would propose to use generation from approx. 4 random words from dictionary in language of choice. Such approach to passwords is outlined for example here:
      http://blog.shay.co/password-entropy

      This would result in that users would actually have a chance of having usable and secure passwords.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                complicator Pavel Krejci
                Participants:
                Component watchers:
                Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Jake Dallimore, Jun Pataleta
              • Votes:
                2 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: