Comment 4 for bug 335631

I agree with Tom about this.

Students are required to remember their passwords, and if they forget them, they need to request a password change from their Technologist or Administrator. The Security Model works, the password rules need to be tightened so schooltool/teacher/student/admin aren't valid passwords.

Email to reset/send a password is a nice long term goal, but it isn't something that should be a focus of development pre-1.0. There are almost no institutional systems that should allow this. (BlackBoard has an option, but Arlington keeps it *off*)

Finally, it is not SchoolTool's fault that people can't change passwords. Every system administrator should know that step 1 of every system is looking for and changing every default password.