Enforce Secure Passwords

I found a topic from WAY BACK IN 2007 that touched on this, but it doesn’t seem like there has been anything accomplished. Or at least I haven’t found a way.

We use the Registration Plugin so that new hires can create their own accounts. However, occasionally I have to reset their password because they forget it. It would be nice if I could create a temporary password for them, and then on their next login it forced them to change it. I would also like to enforce some complexity rules. Our Openfire server is Cloud Based, so it is not integrated to our AD/LDAP.

I’m just wondering if there is anything like this coming?

Hi Brandon!

Thanks for the suggestion. Those would be useful features

I’ve created two tickets to track this:

• OF-3248: Allow administrators to require users to change their password upon next login
• OF-3249: Introduce configurable password complexity requirements for user accounts

To do a bit of preemptive expectation management: both features would be valuable, but are also likely fairly complex to implement. As Openfire is an open source project, development depends on available contributor time and resources, so it may take a while before these get picked up.