View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002700 | Composr | core | public | 2016-07-10 02:32 | 2020-05-08 21:40 |
| Reporter | Patrick Schmalstig | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0002700: Force reset all member passwords feature | ||||
| Description | I think a good little tool to have for Composr is the ability for site administrators to nullify every password in the Composr database and forcing every user to reset their password. A practical application to this would be if the staff of a Composr website have reasonable suspicion that the website's security was compromised. To protect the users on the site, a quick tool to expire all passwords and force members to create a new password would be very handy. | ||||
| Tags | Type: Security | ||||
| Time estimation (hours) | 3 | ||||
| Sponsorship open | |||||
|
|
It is currently possible to do this indirectly using Excel, mail-merge, and the temporary password feature. But a direct feature for it would be nice. |
|
|
Also ability to only nullify passwords on insecure old password schemes (likely from imported accounts). Ability to select which legacy password schemes to do this for. Mention this in the tut_importer tutorial. A future extension would be older password_hash schemes within PHP, if bcrypt becomes insecure. If a password has been 'nullified', a user should be told so when they try to sign in - so they understand why they need to do a reset on it. |
|
|
Also it's been requested to be able to change an existing single user's password to temporary. A 'temporary' checkbox when changing another member's password would be useful. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-07-10 02:32 | Patrick Schmalstig | New Issue | |
| 2016-07-10 02:34 | Chris Graham | Time estimation (hours) | => 3 |
| 2016-07-10 02:34 | Chris Graham | Tag Attached: Type: Security | |
| 2016-07-10 02:35 | Chris Graham | Note Added: 0004111 | |
| 2019-06-18 18:48 | Chris Graham | Note Added: 0005976 | |
| 2020-05-08 18:47 | Chris Graham | Note Added: 0006534 |
