Platform: Better Passwords

[StudioZut]

Assess a password tool like https://www.drupal.org/project/better_passwords. Requires the zxcvbn-php library available at https://github.com/bjeavons/zxcvbn-php but otherwise seems straightforward.

[mariacha]

This is up and available for review at https://pr-1189-wriflagship.pantheonsite.io/admin/people/create

If you try to enter a password that's less than 12 characters, you will get an error. Weak passwords like "testtesttest" also throw errors. You also have the option of auto-generating a password for a new user. This makes a random string of characters for you. In this workflow, admins never know the generated password. New users must use the "Forgot password" link, check their emails, and generate a new password for themselves to log in for the first time. Using the auto-generated password is optional though.

[monicapatel21]

Note: Password reset needs SendGrid enabled on platform sites Editors should not select the option to Auto-generate a password on the non-flagship site.

[mariacha]

Change is up on develop: https://develop-wriflagship.pantheonsite.io/admin/config/people/passwords

The auto-generate option is now available on Flagship since it has sendgrid set up: https://develop-wriflagship.pantheonsite.io/admin/people/create

[monicapatel21]

Update from Shannon -- no email to @wri or @gmail accounts Christian just enabled SendGrid on all live environments today.

Maria to take a look at develop

[mariacha]

Hmm, I did get an email sent from sendgrid:

@shannon-paton There's a checkbox below that is easy to miss but is required to get the email to send "Notify user of new account" -- any chance you missed checking that?

[shannon-paton]

Yep, that was it! Worked for me @mariacha