Automatically generate a password on user creation

Open on Drupal.org →

Created on 19 October 2024, 3 months ago

Problem/Motivation

Asking the admin to set a password on user creation is confusing for new users, because it's not a common pattern and leaves them somewhat unsure of what to do. If you opt to notify the user, you have set a password for no reason; if you opted not to or forgot, you then have to send them the password somehow, probably via email, which is not secure. The workaround is of course for the admin to generate a password reset email for the user, which is fine if you are experienced but very, very strange to new users.

Proposed resolution

We should hide the password field by default on the user creation form, and generate a password automatically when a user is created.

I've tested https://www.drupal.org/project/genpass → and it does exactly what I wanted, and comes with several config options to make it flexible for sites that would prefer something else.

For the default setup I would propose that we enable this module with 'Admins cannot set a password when creating or editing an account.' selected.

Remaining tasks

Confirm this is a good idea
Add it to the base recipe
Review
Commit

User interface changes

Hides the password field on user creation by default.

API changes

N/A

Data model changes

N/A

📌 Task

Status

Active

Component

Base Recipe

Created by

🇦🇺Australia pameeela

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @pameeela
Comment 3 months ago →
🇦🇺Australia pameeela
We can still discuss but I think making the change is blocked by ✨ Allow per-site configuration of 'Notify user of new account' default setting Active and because we really need that to default to on for this to work properly. We also need email sending to work, which is 🌱 Handle sending email in Drupal CMS Active .
Comment 3 months ago →
🇸🇰Slovakia poker10
Sending plaintext passwords in email is not considered a best practice and that was the reason, why password tokens were removed from core in #660302-64: Migration path for changed user email tokens; don't complicate translation of default messages → . Do we really want to send passwords in email in Drupal CMS by default?

We have the password reset links just for this specific use-case, so that passwords are not leaked to emails and 3rd party services parsing emails.

If we plan to use the https://www.drupal.org/project/genpass → module just for the password generation, I think that will be OK. Thanks!
Comment 3 months ago →
🇦🇺Australia pameeela
Per #3481627-15: Allow per-site configuration of 'Notify user of new account' default setting → we are not proposing to send passwords via email. This is a workaround for the current requirements and limitations of core.
Comment 2 months ago →
🇦🇺Australia pameeela
Comment 2 months ago →
🇺🇸United States phenaproxima Massachusetts
Re-titling to reflect the fact that there are two blockers.
Comment 21 days ago →
🇦🇺Australia pameeela
We addressed this in ✨ Improve manual account creation process Active

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024