Jump to content
  • 0

Generate Password


Ken

Question

23 answers to this question

Recommended Posts

  • 0

If you open up a client as a staff and hit the generate password button the password stays hidden.  Is that it's intended functionality?  Because I'm not sure what good it'd do if so.  :)

 

Yeah I think I they get a email with it. Not 100% sure, forgot how me and my client reset his password as I used that tool.

Link to comment
Share on other sites

  • 0

Yeah I think I they get a email with it. Not 100% sure, forgot how me and my client reset his password as I used that tool.

 

Not on my system.  It just generates a new password then save the client and send mail attempts.

 

There is a password reset tool at the login screen that works though.

Link to comment
Share on other sites

  • 0

The way it works is intended. Previously, it was a plain text field along with some other fields in Blesta, but those needed to by made into password-type fields. We plan to come back to this to improve how passwords are generated such that you would have an option to view the generated password.

Link to comment
Share on other sites

  • 0

What is it's intended purpose if nobody knows what it is?  I know I can make one up but the point of password generators is to quickly randomize a complex password for quicker work flow. 

 

It use to display it in the field, but we changed this because passwords should be in password fields. However, it's a 2 step fix the 2nd step is to design a modal popup that allows you to see the password and possibly alter how it's generated. (length, characters, etc). We just haven't got to the 2nd step yet, so this feature at the moment is admittedly less useful.

Link to comment
Share on other sites

  • 0

It use to display it in the field, but we changed this because passwords should be in password fields. However, it's a 2 step fix the 2nd step is to design a modal popup that allows you to see the password and possibly alter how it's generated. (length, characters, etc). We just haven't got to the 2nd step yet, so this feature at the moment is admittedly less useful.

 

Just picking up on this; is there any further news on the progress of this forthcoming feature please?

 

Just to throw an idea out there; how about emailing the password to the client automatically (or with a checkbox option to choose to do this, which is pre-checked?) Assuming that most users will end up emailing the new password to the client anyway, unless it is done over the phone for security (hence the option).
 
This will confirm to the client that their password has been reset and what it is now set to.
Link to comment
Share on other sites

  • 0

 

Just picking up on this; is there any further news on the progress of this forthcoming feature please?

 

Just to throw an idea out there; how about emailing the password to the client automatically (or with a checkbox option to choose to do this, which is pre-checked?) Assuming that most users will end up emailing the new password to the client anyway, unless it is done over the phone for security (hence the option).
 
This will confirm to the client that their password has been reset and what it is now set to.

 

 

It looks like this is tentatively assigned to version 3.3, and part of CORE-552.

 

It's unlikely we would email a client their password due to security reasons, although when a new account is created the password can already be sent in the client registration email. We don't send passwords in these emails ourselves, and recommend against it. It's better if they request/receive a password reset email and choose a new password in cases where they do not create their account.

Link to comment
Share on other sites

  • 0

It looks like this is tentatively assigned to version 3.3, and part of CORE-552.

 

It's unlikely we would email a client their password due to security reasons, although when a new account is created the password can already be sent in the client registration email. We don't send passwords in these emails ourselves, and recommend against it. It's better if they request/receive a password reset email and choose a new password in cases where they do not create their account.

 

What's proposed seems great. As version 3.3 is 2 major versions away, do you think that in the interim it would be sensible to remove the "generate password" button which is currently present in the Staff Portal? (given the aforementioned issue with it)

Link to comment
Share on other sites

  • 0

What's proposed seems great. As version 3.3 is 2 major versions away, do you think that in the interim it would be sensible to remove the "generate password" button which is currently present in the Staff Portal? (given the aforementioned issue with it)

 

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

Link to comment
Share on other sites

  • 0

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

 

Would this idea help mate? http://www.blesta.com/forums/index.php?/topic/1998-generate-password-and-confirm-page/

Link to comment
Share on other sites

  • 0

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

 

Yeah, OK Paul that is an effective use for it as you say and that is a good process that I can adopt as well. Thank you.  :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...