Hi there,
We need to change the password policy on one of our Moodle sites, to comply with the security policies in the organisation concerned.
What will happen to existing users when we do so? Will they be forced to change their password to comply?
Also, are the password requirements made clear to new users automatically?
Thanks,
Mark
Answering my own question:
If you switch on the password policy it will not affect existing users until they decide to change their password.
When they do put in a password, they will get a series of messages, about length, allowed characters etc until they hit the right criteria.
So, we'd need to make those criteria explicit somewhere else, eg. in the login instructions.
Mark
If you switch on the password policy it will not affect existing users until they decide to change their password.
When they do put in a password, they will get a series of messages, about length, allowed characters etc until they hit the right criteria.
So, we'd need to make those criteria explicit somewhere else, eg. in the login instructions.
Mark
Mark - One way of enforcing your policy change would be to require all users to change their passwords (force password change). Then the new policies would take effect. Let me know if you have suggestions for where it would be helpful to have more explicit explanation about the password requirements. Peace - Anthony
Can anyone confirm that turning on the password policy after users have passwords (that are not "valid") will let those past users still log in with no problem?
Using version 1.9.5
Thanks!
Using version 1.9.5
Thanks!
It does. Current Password policy tests only new passwords or changed passwords and old passwords still work.