- Issue created by @catch
Spin off from π Notify users that they need to reset their password when it matches an unsupported hash type Active which is itself a spin-off from π Replace custom password hashing library with PHP password_hash() Fixed .
Eventually, we will move core's custom phpass password hashing logic out of core.
Some sites will then have users that haven't logged in for months or years, who need to reset their passwords.
It would be feasible to detect the old phpass hash, and give those users an additional hint that they should definitely reset their passwords. However, this potentially allows enumeration that there are old hashes in the database, so we might also not want to do that.
Postponed on π Notify users that they need to reset their password when it matches an unsupported hash type Active because we should definitely do the admin-facing message first.
Postponed
10.1 β¨
Last updated