ATutor

Learning Management Tools









Autogenerated passwords


  • 2009-04-10 08:22:30

    Autogenerated passwords

    The auto-generated passwords that are being sent to our delegates are the standard combination of first and second name, and as such are very guessable by other delegates, presenting a potential security problem.

    Is there any way to have ATutor generate more complex, random passwords?

    Thanks

    Roger

  • 2009-04-10 13:20:35

    Re: Auto-generated passwords

    There isn't a feature to change password complexity. With some programming, it would not be too much work to add an option for generating random passwords.

  • 2009-04-13 17:30:11

    Re: Auto-generated passwords

    A complication here is that if an instructor misspells the e-mail and the password is random, nobody except an admin will be able to do anything about that.

    Still, I'm not sure it warrants a separate option -- the course properties page is already quite large.
    While if we don't go for an option but rather for a custom system-wide setting, it's just one line of code copy-pasted from elsewhere in ATutor.

  • 2009-04-21 09:07:37

    Re: Auto-generated passwords

    I agree that this is a security problem which should be addressed.

    Also, the auto-generated passwords do not comply with ATutor's password policy ("a combination of letters, numbers and symbols, 8 characters minimum, 15 characters maximum").

    Completely random passwords are however very hard to remember, so I would suggest to generate passwords like:

    usernameXXX

    ...where XXX equals three random numbers. User "vegard" could then get the password "vegard279", which is in line with the password policy, is not straightforward to guess, nor impossible to remember, and easy to explain to users. Maybe also a check to make sure the password is at least 8 characters?

    I also agree with Indie (I think), this should not be a new option, it should just be changed! :)

  • 2009-04-21 09:16:15

    Re: Auto-generated passwords

    The system can autogenerate a randomized string of passwords, and then the user can just log in and change their passwords afterward. This should be sufficient to keep other students from guessing their neighbor student's password.

  • 2009-04-21 09:50:22

    Re: Auto-generated passwords

    That would be fine, just anything but username == password :)
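
One way to generate an initial password that is random yet always satisfies the policy quoted in the thread (letters, numbers and symbols, 8 to 15 characters). This is an added example, not ATutor code or code from any poster; the function names, the symbol set, the default length of 12 and the use of PHP 7.1+ are assumptions.

```php
<?php
// Added example, not ATutor code. Policy limits are taken from the thread:
// letters, numbers and symbols, 8 characters minimum, 15 maximum.

// Look-alike characters are left out so the password survives being read
// from an e-mail and retyped.
const LETTERS = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; // no l, I, O
const DIGITS  = '23456789';                                          // no 0, 1
const SYMBOLS = '!#$%&*+-=?@';                                       // assumed set

function pick(string $alphabet): string
{
    // random_int() draws from the OS CSPRNG and is unbiased over the range.
    return $alphabet[random_int(0, strlen($alphabet) - 1)];
}

function generate_initial_password(int $length = 12): string
{
    if ($length < 8 || $length > 15) {
        throw new InvalidArgumentException('length must be 8..15');
    }
    // One character from each required class, so the policy check always passes.
    $chars = [pick(LETTERS), pick(DIGITS), pick(SYMBOLS)];
    $all = LETTERS . DIGITS . SYMBOLS;
    while (count($chars) < $length) {
        $chars[] = pick($all);
    }
    // Fisher-Yates shuffle driven by the CSPRNG, so the guaranteed characters
    // do not sit in fixed positions; shuffle() uses a non-cryptographic generator.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

function meets_policy(string $pw): bool
{
    $len = strlen($pw);
    return $len >= 8 && $len <= 15
        && preg_match('/[A-Za-z]/', $pw) === 1
        && preg_match('/[0-9]/', $pw) === 1
        && preg_match('/[^A-Za-z0-9]/', $pw) === 1;
}

$pw = generate_initial_password();
printf("%s policy_ok=%s\n", $pw, meets_policy($pw) ? 'yes' : 'no');
```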