Admin: Password strength checker #8077
Open
Add "Password strength checker" in the security block.
Create a report that shows all users using commonly used (i.e. weak) passwords, with actions to remediate:
- for each user, add a "Request password change" button that uses a template message to explain why a change is necessary, and offers a link to start the process
- for each user, add a "Forced password reset" button that immediately resets the password and sends the new password to the user by e-mail. The account must
- add a multiple-selection option to "Request password change"
- add a multiple-selection option to send a "Forced password reset"
Use the following templates (and add these strings to the messages.pot and messages.en.po files):
| Mail topic | Mail content |
|---|---|
| [%s] Please change your password | Dear %s,\n\nOur security enforcing process shows you use a password that is commonly used on the internet, which means your account could easily be stolen. It is probably a simple sequence or a very common word, we don't really know (we cannot see your password), but we ask you to please connect to the platform and request a password change. You can follow the link here: %s to do that now.\n\nPlease note we will never ask for your password in this process. You just enter your username or e-mail and we send you a link. If you are asked to introduce your existing password to do that, someone is probably trying to do Phishing on your account. Be safe, change your password now!\n\n%s\n%s |
| [%s] Your password has been reset | Dear %s,\n\nOur security enforcing process flagged you as using a password that is commonly used on the internet, which means your account could easily be stolen. As a prevention measure, we have decided to initiate a password reset process. Your new, automatically generated password is now:\n\n%s\n\nPlease login to the platform soon (using this new password) to set your own, personal and secure, password.\n\nBe safe.\n\n%s\n%s |
The placeholders for these strings are, respectively:
- The platform title, the user's first name, the link to reset one's password (standard lost password page, asking for the username or e-mail), the administrator name, the platform title
- The platform title, the user's first name, the newly-generated password, the administrator name, the platform title
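One way the weak-password report could be computed when the platform stores only salted hashes, shown as an added example that is not part of the original issue or the project's code. The PBKDF2 scheme, the iteration count, the record layout and all function names are assumptions for illustration; the issue does not say how passwords are stored.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # demo value (assumption); use the platform's real setting
# Constructed sample of commonly used passwords; a real audit loads a full list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
REQUEST_SUBJECT = "[%s] Please change your password"  # subject template from the issue


def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the platform's password hashing (assumed PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(username, first_name, password):
    """Build a constructed user record that holds only the salt and the hash."""
    salt = os.urandom(16)
    return {"username": username, "first_name": first_name,
            "salt": salt, "hash": hash_password(password, salt)}


def weak_password_report(users, candidates=COMMON_PASSWORDS):
    """Return usernames whose hash matches a common password (password not recorded)."""
    flagged = []
    for user in users:
        for candidate in candidates:
            # Re-hash the candidate with this user's own salt, compare in constant time.
            digest = hash_password(candidate, user["salt"])
            if hmac.compare_digest(digest, user["hash"]):
                flagged.append(user["username"])
                break
    return flagged


def request_change_subject(platform_title: str) -> str:
    """Fill the single placeholder of the "Request password change" subject."""
    return REQUEST_SUBJECT % platform_title


# Constructed sample accounts, not real data.
SAMPLE_USERS = [
    make_user("alice", "Alice", "qwerty"),
    make_user("bob", "Bob", "c0rrect-h0rse-battery-staple"),
    make_user("carol", "Carol", "123456"),
]

if __name__ == "__main__":
    for name in weak_password_report(SAMPLE_USERS):
        print(name, "->", request_change_subject("Example Campus"))
```

The report lists only usernames, which keeps it consistent with the template's statement that administrators cannot see the password itself.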