Registered Member
|
On this password/security dialog there is only one field where a password can be entered. I think there should be another field to confirm the password, so that these two fields can be compared and, if there is a mistake, it should be shown; I mean the user should be notified that they don't match. A user can type in a password the wrong way and not realize it, which can cause a lot of trouble. Besides, when I created an account for another user I set a password for him as an administrator, and when I logged out and wanted to log in to this second account I was asked to set a new password, and only then were the two fields visible, one for setting the password and one for confirmation. I don't understand why this was the case, because I didn't find any settings for this, but I don't want my other users to change their password without my knowledge. As an admin I should be able to control what passwords they have and how they can change them.
|
Yes, any field that permits setting or resetting a password should be accompanied by a confirmation field, precisely to avoid typos.
But it is never a good idea for administrators to know individual user passwords. A password is a secret, known only by the user, and serves to prove the user's identity to the system. This is necessary for achieving nonrepudiation, and is actually a proper design for any enterprise-grade authentication system. The idea proposed here -- that the admin should be able to curtail a user's ability to set her own password -- is incorrect. When only Alice knows her password, then any action performed in her user context can be considered as a true action of Alice and only Alice. If someone else knows her password, this confidence can't be assured. Either Alice or the other person could deny having performed such action. It is entirely appropriate for systems to offer mechanisms for enforcing password policies. And it is entirely appropriate for systems to allow administrators to take over a user's account, but only by using an administrator account (thus preserving nonrepudiation of that action). But it is entirely inappropriate for users not to be guaranteed that their passwords are secrets known only by them.
Registered Member
|
OK. I take your point. I admit that my approach was wrong and that it is perfectly justifiable and reasonable for the non-admin users to be able to set their password in secret, without admin interaction, but still a "reply password" field in the GUI settings seems to be useful, even if the admin sets only a temporary password for the user that will be changed by the user at login. Actually these two things don't exclude each other.
I have just checked it. I changed the admin password and when I logged in I wasn't asked to set/retype the password. And for changing the password in Konsole the old password is required. When I make a mistake and don't have a note with the correctly written password, or I first write the password on paper but then mistype one keyboard sign, this would mean that I can't act as an administrator anymore (unless other tricks are done to change the password from the root account).
Last edited by apache on Sat Jun 30, 2012 7:50 pm, edited 1 time in total.
|
|
I agree with your thought about a temporary password that the user must reset: this is the best way to ensure that each user's password remains a secret. In most systems that offer this feature, it's something that the admin enables during account creation.
|
Registered Member
|
I reported this as a wish on bugs.kde.org and got the reply that: "Bugs for the User Management systemsettings module are not tracked at the KDE bug tracker, because it is a distribution-specific add-on."
https://bugs.kde.org/show_bug.cgi?id=302887 But perhaps it would be better if it was just a KDE feature, not something distribution-specific. So I think the idea should still remain valid so that users can vote for it if they wish.
|
The password set/change facility of KDE's default user manager does require a validation entry:
Kubuntu's user management utility will gain this.