Change password on 1st login

Brought to you by: canajun2eh, yalnifj

#773 Change password on 1st login

Status: open

Owner: nobody

Labels: It would be COOL if it did... (440)

Priority: 5

Updated: 2007-02-26

Created: 2007-02-26

Creator: geckonapper

Private: No

One way it was suggested to do that is have expiring passwords, and then set a password to expire immediately.

Discussion

Greg Roach - 2007-03-05

Logged In: YES
user_id=1466942
Originator: NO

Why would we want to do this?

The usual reasons for making people change their password on first login is when the system administrator has chosen the password or when the password has been sent to the user through unencrypted email. Neither apply with PGV.

It would just annoy people and offer no real security benefit.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

geckonapper - 2007-06-25

Logged In: YES
user_id=1447441
Originator: YES

Here's why:

I create an account for johndoe1 with the password "yankees". I give him his credentials and by having him change pw on 1st logon, I figure I'm making it easier on him. Most people nowadays are having to remember several username/passwords and this lets him choose something that he is comfortable with and easy to remember.

Perhaps there should be a checkbox "User must change pw on 1st login". I vote for a checked default.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.