I don't know if it was a design decision or not and can't remember if we
discussed it recently. It is handy when setting up test accounts for
sure. Sometimes site admins do create passwords on the spot for users
that those then don't change. That gets around the policy. And when
passwords are sent out, they are best copied and pasted rather than

Adding a policy cfg would be a good option to still make testing easier
if we also require any accounts to have a stronger password.

** Changed in: mahara
    Milestone: 16.10.0 => None

You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask 
on #mahara-dev or mahara.org forum before editing or unsubscribing it!

  Use password check on /admin/users/edit.php

Status in Mahara:

Bug description:
  When you change your password on your personal account settings page
  or via the force password screen, it goes through a password checker
  to determine some basic security and length of the password.

  These checks are not performed on when changing the password on
  /admin/users/edit.php as admin.

  For example: I can enter the password "mahara" on that screen, but
  can't use it on /account/index.php because it's deemed too simple.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~mahara-contributors
Post to     : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp

Reply via email to