Introducing improved User Password Management

The next article in the run up to 1.4 stable release will take a look at the improvements made to User Password Management.

Up until now user passwords and user management in general has not always been clear in Xibo – we have tried to improve the situation with 3 new features/improvements:

  • Users can change their passwords without having access to the user administration page
  • Administrators can set a regular expression to test password complexity
  • Administrators can override users passwords in a more intuitive way

Hopefully this will clear up some confusion with users having access to the user admin page and ensure better security through more complex passwords (at the administrators discretion)

[![](/content/images/2012/04/password-policy-settings-300x158.png "Password Policy Settings")](/content/images/2012/04/password-policy-settings.png)
Settings for the Password Policy on the Permissions Tab
#### Password Complexity

When designing this feature we wanted the utmost flexibility given to the administrator to test passwords in which ever way they chose. Therefore we have introduced a new setting in the “Permissions” tab called USER_PASSWORD_POLICY (will be translated into the local language before release).

An administrator can put any valid regular expression in this box, which will cause all users password change requests (and new users) to be tested against this expression.

It is also important for the user to know what the policy actually is – therefore we have introduced another setting called USER_PASSWORD_ERROR which will be presented to the user when they enter a password that does not validate against the regular expression.

[![](/content/images/2012/04/password-user-change-300x201.png "User password change")](/content/images/2012/04/password-user-change.png)
Users can change their password by clicking on their username
#### Changing Passwords

A user can now change their password by clicking on their user name in the top right corner of the admin interface. They will be presented with a form requiring them to enter their existing password, a new password and a retyped new password – all fields are required.

An administrator can now easily override / reset a users existing password by editing the the from the user admin screen and ticking the box to “override”.


We hope that these enhancements will make it easier for administrators and users alike and make Xibo more flexible and secure! Comments and Feedback are always welcome over on Launchpad Answers.