Need ability to force a user to reset their password

[pdehaan]

Random use case:
Something like HeartBleed 2.0 comes out in the wild. We patch our certs and make sure everything is clean, but we want to proactively make users change their passwords (versus passively sending an email to everybody and ASK them to change them).

Not sure if we can force the user's account into a state where they need to reset their password after their next successful login, or if we halt syncing and everything else and throw up a doorhanger saying "Please reset your password to continue synching".

Discuss.

[jkufner]

Do not halt syncing. In many cases it is better to continue even if security may be compromised. Especialy when user is away from home and any problem can be very hard to solve.

[pdehaan]

Lets email this to the group and get a discussion goin.

[rfk]

We should definitely do this, removing question-mark from title and moving into "ready" (after being inspired/terrified by the recent lastpass breach). I think we could actually do a really simple variant of this as follows:

• Introduce a new error code for "you have to change your password"
• Make a config option giving the date of the last security event, defaulting to zero
• On login, check whether account.verifierSetAt < config.timestampOfLastSecurityApocalypse and error out if so
• Add new UI for all this in content-server and android (oh, did I say "simple"..?)

We could leave existing sessionTokens alone, and allow the user to proceed via password change rather than outright password reset, which should prevent any funny business with existing sync devices suddenly disconnecting.

[rfk]

/cc @shane-tomlinson who mentioned this to me the other day.

[shane-tomlinson]

Add new UI for all this in content-server and android (oh, did I say "simple"..?)

Don't forget about FxOS.

[rfk]

Ugh, I always forget abut FxOS.

[rfk]

Closing out this old bug, we'll revisit it through product planning process in Aha