Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Force a password change #1262

Open
MariusBluem opened this issue Sep 4, 2016 · 12 comments
Open

Force a password change #1262

MariusBluem opened this issue Sep 4, 2016 · 12 comments
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: authentication feature: users and groups security

Comments

@MariusBluem
Copy link
Member

MariusBluem commented Sep 4, 2016
edited by MorrisJobke
Loading

We should offer an function to force password changes, in case of:

In general this should also be provided via API to make it possible to integrate tools outside of Nextcloud.

cc @LukasReschke @Liwindo @hitam4450
This was referenced Sep 4, 2016
Closed
Closed
@MorrisJobke
Copy link
Member

Maybe implemented as password expiry in the password_policy app?

@Liwindo
Copy link

Liwindo commented Aug 16, 2017

Not sure if that's enough. For my case you need also an option to lock the login until the passwords are changed in combination with an approval-mail to prevent that a stranger reset the password.

@kisimediaDE
Copy link

Are there some planes when this feature will integrate?

@MorrisJobke
Copy link
Member

Are there some planes when this feature will integrate?

Once somebody implements it, because as of now it's only a request without any roadmap plans yet.

@MorrisJobke MorrisJobke mentioned this issue Mar 13, 2018
Closed
@MorrisJobke
Copy link
Member

In general this should also be provided via API to make it possible to integrate tools outside of Nextcloud.

I added those two for the request in #8785

@KB7777
Copy link
Contributor

KB7777 commented Mar 13, 2018
edited by pierreozoux
Loading

Yes, API would be great :-)

@Liwindo

This comment was marked as duplicate.

Sign in to view
@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jun 20, 2018
This was referenced Jun 20, 2018
Closed
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Jul 31, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Aug 8, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Oct 6, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Oct 16, 2018
Closed
This was referenced Nov 20, 2018
Closed
Closed
@skjnldsv skjnldsv added the 1. to develop Accepted and waiting to be taken care of label Jun 12, 2019
@ghost ghost removed the stale Ticket or PR with no recent activity label Jun 12, 2019
@tmaff

This comment was marked as off-topic.

Sign in to view
@hex-m
Copy link

hex-m commented Jul 31, 2019

Regarding the API and external tools that could change passwords I'd like to point to this discussion.

It seems to me like the "force reset password on next login"-feature is a different issue than the API.

@pierreozoux
Copy link
Member

Currently, if you use vanilla Nextcloud (without any apps), it is really unsecure. When you create a user, you then have to send the password to this user, and the way people do it is via email.
And as you know users, they never change their password.

You can of course mitigate that with the registration app, or any user backend, but for vanilla users, it is unsecure.

@Nils160988
Copy link
Contributor

You don't have to set a password. You can just create the account, people receive an email with a link and set their own password.

@schlagi123 schlagi123 mentioned this issue Sep 7, 2020
Open
@joshtrichards joshtrichards added needs review Needs review to determine if still applicable and removed needs review Needs review to determine if still applicable labels Sep 22, 2024
@joshtrichards
Copy link
Member

Related: nextcloud/password_policy#14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: authentication feature: users and groups security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests