Mandatory "new accounts password change" allows same password to be entered

ToddR shared this idea 22 days ago
Under Consideration

The following FileCloud settings are set:


(Admin GUI)/Settings/Admin

Allow Password Change = TRUE

(Admin GUI)/Settings/Misc/Password

New accounts Must Change Password = checked (ie: enabled)

Number of Previous Passwords that cannot be used = 1

As the admin, I added(created) the following new user (ie: Limited User in my example):


username: newuser

password: pswd1234


The user then attempts to log into FileCloud and is prompted to change his password (as expected) by entering "Old/New/Confirm Password" values.


If the user enters the same old password value (pswd1234) as the "new/confirm" password values then FileCloud accepts the password change:

/e6ae7ca9f830b11fe89581c9a21847ec


When the ADMIN "New accounts must change password" setting is enabled then this should force the user to enter a "new" password and not simply allow them to enter the same password. Technically, the user did not really "change" their password if the same old password is still being used.


I am planning on providing our external customers an easy password when their account is first created, but then rely on FileCloud to ensure they enter a "new" password during initial login, thus ensuring the password I provided is switched out.

Comments (1)

photo
1

Thanks for reporting. This looks like a bug. We will address this.