[Building Sakai] internal Sakai account management

Berg, Alan A.M.Berg at uva.nl
Thu Mar 11 05:11:14 PST 2010 

Hi,

Defense in depth. I would not agree with the statement > as most users know what makes a strong password. We should not assume.

Alan

Alan Berg
Interim QA Director - The Sakai Foundation

Senior Developer / Quality Assurance
Group Education and Research Services
Central Computer Services
University of Amsterdam

http://home.uva.nl/a.m.berg




-----Original Message-----
From: sakai-dev-bounces at collab.sakaiproject.org on behalf of Adam Marshall
Sent: Thu 3/11/2010 14:06
To: Steve Swinsburg
Cc: sakai-dev at collab.sakaiproject.org
Subject: Re: [Building Sakai] internal Sakai account management
 
yes agreed.

1/ set strong initial password
2/ check strength of password when changed

I think 2 is less important as most users know what makes a strong password. Sakai does not!

Adam



From: Steve Swinsburg [mailto:steve.swinsburg at gmail.com]
Sent: 11 March 2010 13:00
To: Adam Marshall
Cc: sakai-dev at collab.sakaiproject.org
Subject: Re: [Building Sakai] internal Sakai account management

Do you mean adding in generation of passwords in the Users tool? You could still use this method to check it's strength after one was generated. And you'd want to check a user's password strength when they change it.

cheers,
Steve
On Thu, Mar 11, 2010 at 11:17 PM, Adam Marshall <adam.marshall at oucs.ox.ac.uk<mailto:adam.marshall at oucs.ox.ac.uk>> wrote:
I was thinking of auto generating a stronger initial password not checking a user supplied one.

adam

| -----Original Message-----
| From: Steve Swinsburg [mailto:steve.swinsburg at gmail.com<mailto:steve.swinsburg at gmail.com>]
| Sent: 11 March 2010 11:28
| To: Adam Marshall
| Cc: sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
| Subject: Re: [Building Sakai] internal Sakai account management
|
| Hi Adam,
|
| Password strength is partially done via
| http://jira.sakaiproject.org/browse/KNL-285 which adds support for
| checking a user's password based on a number of criteria and return a
| score. There wasn't any work done on the actual User tool though, which
| would leverage this http://jira.sakaiproject.org/browse/SAK-17058.
|
| Expiry would be a good one too.
|
| cheers,
| Steve
|
|
|
|
| On 11/03/2010, at 9:25 PM, Adam Marshall wrote:
|
| > has anybody done any work with the non-provided accounts, i.e., the
| accounts that are created via the Users tool. Specifically
| >
| > 1/ generating a better password, the security of the current password
| is extremely poor
| > 2/ account expiry - setting a default (of say 3 years) with a
| reactivation / deactivation features
| >
| > Adam
| > _______________________________________________
| > sakai-dev mailing list
| > sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
| > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
| >
| > TO UNSUBSCRIBE: send email to sakai-dev-
| unsubscribe at collab.sakaiproject.org<mailto:unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100311/e8944975/attachment.html

More information about the sakai-dev mailing list