Require Password Change On Login

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The current feature release of phpBB 3 is 3.3/Proteus.
phynixx
Registered User
Posts: 22
Joined: Thu Sep 22, 2011 12:18 am

Require Password Change On Login

Post by phynixx »

Hi all. I've looked around for similar suggestions for 3.1, 3.2 & 4.0 and haven't come up with anything (although searching for 'password' linked to other very interesting suggestions). Anyways after what I hope was enough due diligence I'd like to make the following suggestion:

Details:
ACP -> Users And Groups -> Manage Users -> user_x -> Overview (or future equivalent):
  - It'd be great to be able to have a 'Require password change on next login' checkbox that implements the necessary functionality
  - Option to set this default "checked" for all new users would be nice too so those that always want it can have it, and vice versa.
  - While possibly difficult to implement it would make sense that this would require their new password not to be their old password.
  - Could (probably) easily integrate with existing code of 'expire password' such that instead of writing lots of new code, just call whatever it calls.
Use Cases:

1.) You admin a 100% closed site wherein registrations are done entirely through the ACP and the initial password is chosen by the admin (what I have right now). You tell your users to change their password on first login. You even provide them a link to use as their "first login" which conveniently points right at the password change screen. But users, being users, ignore you. Months down the line you login to their account with the old password and PM them from their own account a friendly reminder all the while cursing because you wish the above feature was implemented. Damn users.

2.) You suspect a particular user's account may be compromised however you don't want to outright change their pwd & invoke support requests. Instead you want him to have to change it on next login. If it's compromised the un-auth'd user will either abandon the account or change the password. Option a.) yay.; b.) the auth'd user will invoke powers of 'forgot my password', have the temp sent to them, go and reset it and... yay.

3.) You admin a site where, for whatever reason, you are changing a user's password for them (perhaps the knob posted his password online) so you change it and provide it to him, however you want to make sure that they immediately change it once they get back in.

4.) I'm sure there's other use-cases that I can't think of so instead I'll simply say: there's got to be a reason why so many systems (bb and otherwise) come with the 'change password on next login' feature.

Anyways, that's all I've got. Hope it's of some value to the community.

Corollary that may/may not be possible/easy: Don't allow users to re-use passwords. A feature request for another day...

innov8ion
Registered User
Posts: 3
Joined: Sat Nov 26, 2011 9:58 pm

Re: Require Password Change On Login

Post by innov8ion »

This would be very nice. Is there even a way for a user to change their own password? The only method I see is to make the user an admin and have them change their password from the ACP. But this is very, very, stupid... Help!

Noxwizard
Support Team Leader
Posts: 137
Joined: Sun Dec 18, 2005 5:44 pm
Location: Texas

Re: Require Password Change On Login

Post by Noxwizard »

innov8ion wrote: Is there even a way for a user to change their own password? The only method I see is to make the user an admin and have them change their password from the ACP. But this is very, very, stupid... Help!
User Control Panel --> Profile --> Edit account settings

innov8ion
Registered User
Posts: 3
Joined: Sat Nov 26, 2011 9:58 pm

Re: Require Password Change On Login

Post by innov8ion »

Noxwizard wrote:
innov8ion wrote: Is there even a way for a user to change their own password? The only method I see is to make the user an admin and have them change their password from the ACP. But this is very, very, stupid... Help!
User Control Panel --> Profile --> Edit account settings
Thanks so much, and I apologize if this was off-topic.
Last edited by innov8ion on Sun Nov 27, 2011 2:58 am, edited 2 times in total.

Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: Require Password Change On Login

Post by Danielx64 »

I can think of a different use case: forum gets hacked, someone steals a copy of the phpBB database. While it is rather hard to crack the passwords, you want to do the right thing and make everyone change their password. So in this case you will want to add force password change for "all" users in one click (maybe 2 so that you can have an "Are you sure" message).

Should this be an RFC?

imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: Require Password Change On Login

Post by imkingdavid »

Danielx64 wrote: I can think of a different use case: forum gets hacked, someone steals a copy of the phpBB database. While it is rather hard to crack the passwords, you want to do the right thing and make everyone change their password. So in this case you will want to add force password change for "all" users in one click (maybe 2 so that you can have an "Are you sure" message).

Should this be an RFC?
I support the feature, and it seems a few other people do as well, so I think it could be posted as an RFC.

Note that the RFC should include individual user setting for requiring them to change their password as well as a global user setting which will require all users to change their password.
phynixx wrote: While possibly difficult to implement it would make sense that this would require their new password not to be their old password.
Wouldn't be too hard. Even though the password isn't stored plaintext, we can still compare the new password to see if it would validate against the old hash and not accept it if so. Basically reverse of logging in (make sure it doesn't match instead of make sure it does).

Logic flow:
- Administrator checks "Require new password" in ACP for one or all users
- User logs in using old password, immediately redirected to new screen with two fields ("New password"/"Confirm new password") and an explanation (something to the effect of "Administrator has required you to set a new password. The new password cannot be the same as the old password." as well as any password strength requirements if we implement that).
- User enters password
  - Same as old password: error; require new password
  - Different from old password, does not meet password strength requirements: error; require new password
  - Different from old password, meets strength requirements: success; continue to original destination
- User attempts to view another page before changing password; redirect back to password change screen
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.
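An added PHP example, written for this page and not taken from phpBB or from anyone in this thread, sketching the flow imkingdavid lays out above together with the one-click "everyone must change" switch Danielx64 asked for. The column names (must_change, passchg_time), the page name ucp_change_password, the eight-character minimum and the sample user are all assumptions; it uses PHP's standard password_hash/password_verify rather than phpBB's own password manager.

```php
<?php
// Added example, not phpBB code. Column and page names are assumptions.
declare(strict_types=1);

const MIN_PASSWORD_LENGTH = 8; // assumed strength rule

// Constructed sample user row; in phpBB this would come from the users table.
function sample_user(): array {
    return [
        'user_id'       => 42,
        'password_hash' => password_hash('Initial-Pass-2011', PASSWORD_DEFAULT),
        'must_change'   => true,  // per-user flag the admin ticks in the ACP (hypothetical column)
        'passchg_time'  => 1000,  // epoch seconds of the last password change (hypothetical column)
    ];
}

// Global "everyone must change" switch: instead of touching every row, the
// admin records a cut-off time, and any password set before it is stale.
function password_change_required(array $user, int $global_reset_time): bool {
    return $user['must_change'] || $user['passchg_time'] < $global_reset_time;
}

// Run on every request after login: keep redirecting until the requirement clears.
function gate_request(array $user, int $global_reset_time, string $requested_page): string {
    if (password_change_required($user, $global_reset_time)
        && $requested_page !== 'ucp_change_password') {
        return 'redirect:ucp_change_password';
    }
    return 'serve:' . $requested_page;
}

// The change handler. Returns ['ok' => bool, 'error' => ?string, 'user' => array].
function handle_password_change(array $user, string $new, string $confirm, int $now): array {
    if (!hash_equals($new, $confirm)) {
        return ['ok' => false, 'error' => 'NEW_PASSWORD_MISMATCH', 'user' => $user];
    }
    // "Reverse of logging in": reject the candidate if it verifies against the OLD hash.
    // The old password itself is never stored or compared in plaintext.
    if (password_verify($new, $user['password_hash'])) {
        return ['ok' => false, 'error' => 'SAME_AS_OLD', 'user' => $user];
    }
    if (strlen($new) < MIN_PASSWORD_LENGTH) {
        return ['ok' => false, 'error' => 'TOO_SHORT', 'user' => $user];
    }
    // Success: store the new hash, clear the per-user flag, stamp the change time.
    $user['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $user['must_change']   = false;
    $user['passchg_time']  = $now;
    return ['ok' => true, 'error' => null, 'user' => $user];
}

// Walk through the flow with the constructed user.
$user         = sample_user();
$global_reset = 0; // no global reset issued yet

echo gate_request($user, $global_reset, 'viewtopic'), PHP_EOL;

$r = handle_password_change($user, 'Initial-Pass-2011', 'Initial-Pass-2011', time());
echo $r['error'], PHP_EOL;

$r = handle_password_change($user, 'short', 'short', time());
echo $r['error'], PHP_EOL;

$r = handle_password_change($user, 'Correct-Horse-Battery', 'Correct-Horse-Battery', time());
echo $r['ok'] ? 'changed' : $r['error'], PHP_EOL;
echo gate_request($r['user'], $global_reset, 'viewtopic'), PHP_EOL;

// A global reset issued after that change (the "database was stolen" case)
// catches the same user again without any per-row update.
echo gate_request($r['user'], time() + 1, 'viewtopic'), PHP_EOL;
```

Two design points worth noting: the global reset is a single cut-off timestamp compared against each user's last-change time, so forcing "all" users costs one config write and no bulk update; and the same-as-old check is exactly the reversed login check described above, so nothing about the previous password needs to be retained beyond the hash that is already stored.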

Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: Require Password Change On Login

Post by Danielx64 »

Any updates to this?
