Password policy: Difference between revisions

From MoodleDocs
(applying password policy to enrolment keys)
(content moved to Site policies)
Line 1: Line 1:
It is highly recommended that a password policy is set in ''Administration > Security > [[Site policies]]'' to force users to use stronger passwords that are less susceptible to being cracked by a intruder.
#redirect [[Site policies]]
[[Image:Password policy.png|thumb|Password policy]]
 
The password policy is enabled by default.
 
The password policy includes option to set the minimum length of the password, the minimum number of digits, the minimum number of lowercase characters, the minimum number of uppercase characters and the minimum number of non alphanumeric characters.
 
Default password policy settings are:
* Password length - 8
* Digits - 1
* Lowercase letters - 1
* Uppercase letters - 1
* Non-alphanumeric characters - 1
 
If a user enters a password that does not meet the requirements, they are given an error message indicating the nature of the problem with the entered password.
 
:''Tip'': To reduce the chance of md5 lookup attack, passwords should have at least 8 characters and contain at least one number, at least one lowercase letter, at least one uppercase letter and at least one non-alphanumeric character.
 
Enabling the password policy does not affect existing users until they decide to or are required to change their password. An admin can force all users to change their password using the force password change option in [[Bulk user actions]].
 
:''Tip'': The password policy may also be applied to [[Enrolment key|enrolment keys]] by ticking the 'Use password policy' checkbox in the [[Self enrolment]] settings.
 
==See also==
 
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* [http://www.passwordmeter.com/ Password strength checker]
 
[[Category:Security]]
 
[[fr:Politique de mot de passe]]

Revision as of 08:25, 18 October 2011

Redirect to: