Force users to have password?

[hjone72 9]

Is it possible to force users to have a password?

 

Thanks,

[Cerothen 97]

This is actually a good idea for a feature request. It would also be nice to be able to force some complexity rules like length or required types

[hjone72 9]

As well as things like "User must change on first login" etc.

[kesm 25]

I know this feature request is old but I agree it could be interesting to have this.

I create users and gave them access to emby but they never change password, it could be great to force them to have one

[adrianwi 279]

Interesting.  I set a fairly secure password for all my users, but does this mean that they could go in and reset my password to no password?

[arche 177]

Interesting.  I set a fairly secure password for all my users, but does this mean that they could go in and reset my password to no password?

 

I suppose they can if you have the option "Allow this user to change their password and profile image" enabled in their profile.

[Luke 42083]

It's a good idea for the future. thanks.

[Thomas64 40]

I probably have things configured in Emby on the simpler side than most - only local users, and no WAN access. With that, my vote would be not to make signing into Emby too complicated, as a requirement..

 

My W10 "Server" machine has everything locked down with strong passwords. Emby is essentially just serving up media (to over simplify). My vote is that it doesn't need to have extensive password requirements. The security in Emby seems pretty good in what you can control or allow others to control, as is. (Again - to me, in my simplified setup..)

 

The main and most important reason for simplicity to me is - ease of entering passwords via a standard TV/WMC type Remote Control when using Emby Theater..

 

For example, my user config:

 

"User1" - Hidden account with a strong password and the only one that has full access to all media and can manage the Emby software. (Usually, I also have it set to allow access only from the server machine itself.)

 

"User2" - Access to all libraries and LiveTV/Recording control. Only allowed to delete TV Recordings - nothing else. All the social media and downloading stuff is disabled. This account has a numeric only password since it is the one I use in Emby Theater the most. (So it is easier to enter via a standard remote control, as mentioned above.)

 

"User3" - no password. Not allowed access to Live TV/Scheduling, some personal folders, or deletion of anything. All the social media and downloading stuff is disabled as well. Account does not have access to change its own profile settings.

 

My reasoning behind no password for "User3" is - if I trust you enough to be on my personal network in the first place, I see no reason not to trust you to view/listen to some of my generic media content (Music, Recorded/Archived TV Shows/Movies).

 

In other words - I wouldn't want to see the lines blurred between what seems to be security expected on an actual "Server", to what I have to go through to get access to my Media on my couch from my TV. Just my 2 cents.. LOL

 

Edit - To mention as well - I frequently use the "User3" account myself when I just want to listen to music or such via the the Web App on various devices..

Edited April 1, 2019 by Thomas64

[adrianwi 279]

I agree with making LAN access as easy as possible, but at the same time, anyone using WAN access needs to make sure things are secure as they can be.

 

I set a password for any users I set-up but also wanted to give them the option of changing it if they wanted to.  I didn't realise they'd be able to change it to having no password!

 

This shouldn't be much more difficult than a couple of extra switches on the user to say "Must have password Y/N" and "Complex Password Y/N" e.g. should be alpha-numeric with a Capital letter and a minimum of 8 characters.

[Zaphod414 5]

Has there been any focus yet on the option to force a user to change password at next logon?  Seems like it wouldn't be that hard to implement, and people have been asking for this for years now.  Basic password management is an essential sub-task of user management.  Needing to use a temporary password when first creating a new user is fine, but then I need some way to force the user to change it or at the very least see the datestamp of their last password change somewhere so I can tell when they've changed it.  Password complexity requirements and maybe even password expiry would be a nice bonus to have too, but the basic force user to change password at next logon is the most pressing priority.

[Luke 42083]

On 3/11/2023 at 12:08 AM, Zaphod414 said:

Has there been any focus yet on the option to force a user to change password at next logon?  Seems like it wouldn't be that hard to implement, and people have been asking for this for years now.  Basic password management is an essential sub-task of user management.  Needing to use a temporary password when first creating a new user is fine, but then I need some way to force the user to change it or at the very least see the datestamp of their last password change somewhere so I can tell when they've changed it.  Password complexity requirements and maybe even password expiry would be a nice bonus to have too, but the basic force user to change password at next logon is the most pressing priority.

HI, not yet, but it's certainly possible for future updates. Thanks.

[adrianwi 279]

Security improvements never seem very high on the future development roadmap, sadly