Remove / disable password via account settings
Description
Ability to remove a password from an account, and ability to disable passwords site-wide (for git).
Documentation blurb
- Once a password has been set, it should be possible to remove/disable that password.
- If an organization is enforcing SAML / OAUTH login, and switches from password based auth to ssh keys, the password is not being used by the user and is forgotten but is still a point of failure and would allow an attacker to gain access.
- An organization should be able to enforce that all users use ssh keys instead of passwords.
- On the
Settings -> Password
page, there should be a button to remove your password if you have logged in with an external login provider.
Edited by username-removed-1210163