Get started with PHP-Fusion

Never allow a user made password
Posted by: Homdax Posted: 23/01-2014 Assigned To: No user assigned
Category: Core Type: Tweak Priority: Minor
Version: 8.00 Status:
Description:
From my experience at work we have a few systems that do not allow a user to create their own password. The passwords are always generated given a certain complexity requirement.

We already have a password generation, hence I suggest we should apply it to the registration form, allowing a registering member to see the generated password (print it, save it or whatever) but not be allowed to input anything by themselves.

In order to facilitate storage of password I would recommend http://lastpass.info, http://keypass.org or http://identitysafe.norton.com , as examples.

Password reset works as usual of course.
Comments
Comments have been moved to the forum.
History
Edited by Falk on 08/04-2014.
Priority changed from Normal to Minor.
Status changed from to .
Falk's Comment:
We can implement is as optional to restrict passwords for stronger protections. I do not want us to force everyone to have this.