ereztal wrote on Sunday, March 27, 2016:
Hi guys hope you’re enjoying the weekend.
I was testing the password authorization as an admin generating a new user account (LeftNav>Adminstration>Users>Add User).
I was able to create a user with a 1 letter password, the authorization process from:
interface/usergroup/checkpwd_validation.js
Is not triggered (?)
yehster wrote on Sunday, March 27, 2016:
Not by default. There is a global setting under security:
Require Strong Passwords
That needs to turned on.
ereztal wrote on Sunday, March 27, 2016:
Excellent, thanks Kevin.
tmccormi wrote on Monday, March 28, 2016:
These days I think that “require strong passwords” and “require password expiration” should be the default from all new installations.
bradymiller wrote on Tuesday, March 29, 2016:
Before making it default, recommend doing rigorous testing on the feature and ensuring it works for international users.
-brady
OpenEMR
osverdlov wrote on Tuesday, March 29, 2016:
I agree.