Vote #63999

Open

Generate strong passwords

Added by Admin Redmine almost 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication_7
Target version:
-
Start date:
2008/10/16
Due date:
% Done:

0%

Estimated time:
category_id:
7
version_id:
0
issue_org_id:
2039
author_id:
2405
assigned_to_id:
0
comments:
4
status_id:
1
tracker_id:
2
plus1:
0
affected_version:
closed_on:
affected_version_id:
Status-->[New]

Description

Hi,

I use Redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.

I feel concerned about the quality of the users' passwords.

It would be useful if Redmine could generate such strong passwords when a new user signs in and send him back his password by email. Not giving the user a choice of his password. Not letting him change it afterwards. If the user forgets his password, loses the email or didn't register it in his browser's password manager, a simple link will send him a new password by email.


journals

Pierre Yager wrote:
> I use Redmine at work to manage my "commercial" products. As my server is public, I would like to ensure users have strong passwords.
>
> I feel concerned about the quality of the users' passwords.
>
> It would be useful if Redmine could generate such strong passwords when a new user signs in and send him back his password by email.

Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?

I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)
--------------------------------------------------------------------------------
> > It would be useful if Redmine could generate such strong passwords when a new user signs in and send him back his password by email.
>
> Wouldn't sending the strong password via email defeat the purpose of having a strong password, since email is sent as plaintext?

I'm pretty sure that system-generated passwords, even when mailed in plain text, are generally safer than bad user-made (or, worse, too often reused) passwords.

> I've seen some systems have a password strength meter that checks how strong a password is as the user enters it. Could this work if an administrator can set an option like "password must be at least highly secure"? (other options could be: no security checks, low security, medium security)

Sure, that would be a very nice improvement. As I'm not able to do this by myself, I will be happy with any kind of improvement that will be done in this area. I just thought that using something like pwgen or any Ruby implementation would be simpler than writing a password-strength-o-meter.

--------------------------------------------------------------------------------
Well, it would be quite useful to add a "generate password" button in the user registration (administration -> users).

This way, the admin has the ability to generate secure passwords, without knowing the user password.
--------------------------------------------------------------------------------
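A sketch of the generator the thread asks for ("pwgen or any ruby implementation", the "generate password" button), added here as an example; it is not Redmine code, and the `PasswordGen` module, its method names, the 12-character minimum and the reduced alphabet are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical helper for illustration; not part of Redmine.
module PasswordGen
  # Assumption: look-alike glyphs (l, I, O, 0, 1) are left out because the
  # password is read from an e-mail and may be retyped by hand.
  LOWER    = ('a'..'z').to_a - %w[l]
  UPPER    = ('A'..'Z').to_a - %w[I O]
  DIGITS   = ('2'..'9').to_a
  CLASSES  = [LOWER, UPPER, DIGITS].freeze
  ALPHABET = CLASSES.flatten.freeze

  # Every character comes from the OS CSPRNG. SecureRandom.random_number(n)
  # is uniform over 0...n, so indexing with it has no modulo bias.
  def self.generate(length = 16)
    raise ArgumentError, 'length must be >= 12' if length < 12

    loop do
      pw = Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
      # Rejection sampling: retry instead of patching characters in, so the
      # accepted passwords stay uniformly distributed over the valid set.
      return pw if covers_all_classes?(pw)
    end
  end

  # True when the password has at least one lower, one upper and one digit.
  def self.covers_all_classes?(pw)
    CLASSES.all? { |cls| pw.each_char.any? { |c| cls.include?(c) } }
  end

  # Upper bound on the entropy, in bits, of a generated password.
  def self.entropy_bits(length)
    length * Math.log2(ALPHABET.size)
  end
end

puts PasswordGen.generate if __FILE__ == $PROGRAM_NAME
```

With the 57-character alphabet above, a 16-character password carries a little over 93 bits of entropy.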


related_issues

relates,Closed,3872,New user password - better functionality

Updated by Admin Redmine almost 2 years ago

  • Category set to Accounts / authentication_7
