We installed matomo-password-policy-enforcer plugin and adjust the settings to enforce more secure passwords.
Unfortunately users with old passwords, that didn’t meet the new criteria were not forced to change their passwords.
Is it normal behaviour?
Hi,
The plugin is not maintained by the Matomo team, so I can’t speak for the author.
But looking at the code, it seems that indeed the plugin is only executed whenever Matomo saves a new password (and checks it against the rules of all plugins).
The same is true for my plugin: https://plugins.matomo.org/PasswordVerifier
BTW:
Matomo can’t even know for your stored passwords if they are against the rules as they are stored properly hashed.
Of course one could write a plugin that checks the password of users against the rules on every login.
Thank you for swift reply and taking a look at the plugin’s code.
Thank you so much for sharing this thread and letting us know. I’m going to try it now.