Skip to content

user with no password can make themself a password #2653

Open
@Alex-Jordan

Description

@Alex-Jordan

Maybe this is expected behavior, not an issue...

We have the permission to change password set to "student" so they can change their own passwords. There was a student who should be entering their course via LTI. Initially they had no password. They went to Account Settings and accidentally saved a password for themselves.

I'm just wondering if that should not have been permitted. Changing a password is one thing, but creating one is different. The instructor has not set the LTI option to require users to enter from the LMS (for convenience, so the instructor herself can enter with a password). So now this student can also enter using the password they made up. Maybe that is a good thing? My first reaction is that it causes confusion. I would find it simpler to just know with certainty that none of the students have a password.

What do others think?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions