Password settings: "changing this may have far-reaching or unintended consequences for your site"

Support
1

Dear Discourse Community,

On our self-hosted instance of Discourse, we’d like to increase the minimal count of unique characters, but we are faced with this scary warning:

warning window: changing this may have far-reaching or unintended consequences for your site
warning window: changing this may have far-reaching or unintended consequences for your site1920×630 96.3 KB

Does this warning imply anything else than:

  1. users with non-complying passwords will need to update them on next login
  2. only the users with non-complying passwords will need to update them

?

I obviously searched before posting and read the OG blog post on Password Rules Are Bullshit :face_blowing_a_kiss:

2

Hey @BernardPaulus :waving_hand:

After some research with Discourse AI :robot: it appears that:

This answer seems to be backed up by this topic

3

hey @ondrej ,

I had missed that, thank you!

To quote the post you linked:

The easiest (for you) solution would be to expire all of the passwords and have everyone reset them.

1 Like