Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt November 11, 2024
Forum User Posted November 21, 2013 Posted November 21, 2013 As of now, the admin has the ability to change a user's password, but there is not a mechanism to notify the user fo the password change. When you change a username, a box popups up that can be emailed to the user. This type of functionality needs to be available when changing a password for the user. In addition, the admin should have the ability to browse for a user and then click a "reset password" button, which will send the user an email message with a link to change password. I know that this can be done manually on the front side, but would be a real pain if you need to reset multiple passwords for users.
chilihead Posted November 21, 2013 Posted November 21, 2013 Agreed. With ability to send CURRENT password as well. Something like a radio button to Send Current or Generate New.
Ryan Ashbrook Posted November 21, 2013 Posted November 21, 2013 Agreed. With ability to send CURRENT password as well. Something like a radio button to Send Current or Generate New. Sending the current password would not be possible without storing it plaintext in the database somewhere, which is a security issue.
chilihead Posted November 21, 2013 Posted November 21, 2013 Gotcha. I always tell people use the lost password function. I guess then, this sends a new one. Thanks. Didn't know that. I do agree with the original request.
rmbettencourt Posted November 27, 2013 Posted November 27, 2013 I think is a great idea, just send them an email to notify them of the login credentials, no need for the old password to be listed. Alternatively, a link like the one is sent when using "forget my password" can be sent. (makes sense?)
Hyphae.Network Posted January 4, 2014 Posted January 4, 2014 I agree as well. It seems trivial to reset a password, but how can there not be a way to notify the user of this change? Clicking the reset password button should auto-generate one and email it to the account on file. End of story. A more important question is why does the admin even need to know the password? THAT seems like a security risk. Admins can be granted access to login as the user, or not, but they never have their password. The act of resetting the password also does not need to involve the admin choosing or knowing it. So if I may add to this, I vote to simplify the reset password option from acp, and I also vote to remove the admins ability to choose the new password.
pixelkicker Posted August 14, 2014 Posted August 14, 2014 I am dealing with an issue where during a conversion from vbulletin all of my users are having issues with their old passwords. They are active members and the member accounts work/have permissions but they can't log in. There should be a tool that allows me to reset passwords on all selected accounts. This tool should simply email the user and tell them they need to follow this link to reset their password. That way I don't know it, they get notified, everybody wins.
Ryan Ashbrook Posted August 14, 2014 Posted August 14, 2014 I am dealing with an issue where during a conversion from vbulletin all of my users are having issues with their old passwords. They are active members and the member accounts work/have permissions but they can't log in. There should be a tool that allows me to reset passwords on all selected accounts. This tool should simply email the user and tell them they need to follow this link to reset their password. That way I don't know it, they get notified, everybody wins. In your specific case, please submit a support request, conversions from vBulletin should allow passwords to work for all members. :smile:
Rheddy Posted August 17, 2014 Posted August 17, 2014 I'm wondering how that works for the admin. Wouldn't the IPS system protect against auto-generating a new password for the admin?
Aiwa Posted August 17, 2014 Posted August 17, 2014 For admins, you can still use the password reset tool. You just can't change your password from within your profile.
Rheddy Posted August 17, 2014 Posted August 17, 2014 I guess I've always been reluctant to do that because you run into a situation where you might not get that password sent and it automatically marks your account as 'validating', which I've found to be pretty hilarious.
Aiwa Posted August 17, 2014 Posted August 17, 2014 You are never 'sent' a password. You're sent an e-mail where you're linked to a page to input your new password. Plaintext passwords are not e-mailed to users or admins.
Rheddy Posted August 18, 2014 Posted August 18, 2014 I keep forgetting that. lols. But, you're right, you are sent an email with a link to allow you to regenerate a new password. I keep mixing the two up. *slaps self on back of head*
Recommended Posts
Archived
This topic is now archived and is closed to further replies.