General developer forum

 
 
Picture of john saylor
default password policy
 

can the default password policy of moodle be changed?

my arguments against the current policy can best be summarized by the xkcd comic: http://xkcd.com/936/

i'd suggest a single constraint [by default] of 12 chars. 

perhaps this has been discussed ad nauseum already. maybe there is a ticket in the tracker ... feel free to point me towards these items [but i couldn't find them on my own].

 
Average of ratings: -
Picture of Ken Task
Re: default password policy
Group Particularly helpful Moodlers

You could leave the site policy password requirements on and in the form for setting attributes/pwd requirements, set password length to 12 and set all others to 0, could you not?

Or are we talking about wanting to do this in the code?  Whatever is done, has to be compatible with authentication methods the site is setup to use ... ldap, email, etc..

'spirit of sharing', Ken

 
Average of ratings: -
Picture of john saylor
Re: default password policy
 

i am talking about the default settings [in the db, i believe]. when you first bring up the system.

i know moodle is very configurable in this regard [as well as many others].

i am putting forth the idea that i'd like to examine the reasoning behind the default password policy. my contention is that it is more cumbersome than necessary.

 
Average of ratings: -
C'est moi :-)
Re: default password policy
Group Documentation writersGroup Particularly helpful MoodlersGroup TestersGroup Translators

Nice explanation. Better to have "My superb and secure password" than "Ms&sP"...

In Moodle, there's password salting to have a better security wink

 
Average of ratings: -
Picture of David Broadlick
Re: default password policy
 

I was waiting on this discussion to resolve itself in order to learn about how this works. In the mean time I was able to find an answer. You can change these settings in Site Polices. Go to Settings > Site administration > Security > Site policies. Here are Moodles directions. http://docs.moodle.org/20/en/Site_policies#Password_policy

 
Average of ratings: -