Jump to content
  • 0

Generate Password

Ken

Asked by Ken,

 Share

Question

Ken Newbie

Ken

Posted
Posted

If you open up a client as a staff and hit the generate password button the password stays hidden.  Is that it's intended functionality?  Because I'm not sure what good it'd do if so.  :)

23 answers to this question

Recommended Posts

  • 0
Michael Apprentice

Michael

Posted
Posted

If you open up a client as a staff and hit the generate password button the password stays hidden.  Is that it's intended functionality?  Because I'm not sure what good it'd do if so.  :)

 

Yeah I think I they get a email with it. Not 100% sure, forgot how me and my client reset his password as I used that tool.

  • 0
Ken Newbie

Ken

Posted
  • Author
Posted

Yeah I think I they get a email with it. Not 100% sure, forgot how me and my client reset his password as I used that tool.

 

Not on my system.  It just generates a new password then save the client and send mail attempts.

 

There is a password reset tool at the login screen that works though.

  • 0
Michael Apprentice

Michael

Posted
Posted

Not on my system.  It just generates a new password then save the client and send mail attempts.

 

There is a password reset tool at the login screen that works though.

Erm maybe we need that :D 

  • 0
Tyson Newbie

Tyson

Posted
Posted

The way it works is intended. Previously, it was a plain text field along with some other fields in Blesta, but those needed to by made into password-type fields. We plan to come back to this to improve how passwords are generated such that you would have an option to view the generated password.

  • 0
Ken Newbie

Ken

Posted
  • Author
Posted

I see.  What is it's current function?  Since neither the client or the admin have any way of knowing what the password is.  Is it just a place holder until they do a password reset?

  • 0
Ken Newbie

Ken

Posted
  • Author
Posted

What is it's intended purpose if nobody knows what it is?  I know I can make one up but the point of password generators is to quickly randomize a complex password for quicker work flow. 

  • 0
Paul Rising Star

Paul

Posted
Posted

What is it's intended purpose if nobody knows what it is?  I know I can make one up but the point of password generators is to quickly randomize a complex password for quicker work flow. 

 

It use to display it in the field, but we changed this because passwords should be in password fields. However, it's a 2 step fix the 2nd step is to design a modal popup that allows you to see the password and possibly alter how it's generated. (length, characters, etc). We just haven't got to the 2nd step yet, so this feature at the moment is admittedly less useful.

  • 0
Alk Rookie

Alk

Posted
Posted

It use to display it in the field, but we changed this because passwords should be in password fields. However, it's a 2 step fix the 2nd step is to design a modal popup that allows you to see the password and possibly alter how it's generated. (length, characters, etc). We just haven't got to the 2nd step yet, so this feature at the moment is admittedly less useful.

 

Just picking up on this; is there any further news on the progress of this forthcoming feature please?

 

Just to throw an idea out there; how about emailing the password to the client automatically (or with a checkbox option to choose to do this, which is pre-checked?) Assuming that most users will end up emailing the new password to the client anyway, unless it is done over the phone for security (hence the option).
 
This will confirm to the client that their password has been reset and what it is now set to.
  • 0
Paul Rising Star

Paul

Posted
Posted

 

Just picking up on this; is there any further news on the progress of this forthcoming feature please?

 

Just to throw an idea out there; how about emailing the password to the client automatically (or with a checkbox option to choose to do this, which is pre-checked?) Assuming that most users will end up emailing the new password to the client anyway, unless it is done over the phone for security (hence the option).
 
This will confirm to the client that their password has been reset and what it is now set to.

 

 

It looks like this is tentatively assigned to version 3.3, and part of CORE-552.

 

It's unlikely we would email a client their password due to security reasons, although when a new account is created the password can already be sent in the client registration email. We don't send passwords in these emails ourselves, and recommend against it. It's better if they request/receive a password reset email and choose a new password in cases where they do not create their account.

  • 0
Alk Rookie

Alk

Posted
Posted

It looks like this is tentatively assigned to version 3.3, and part of CORE-552.

 

It's unlikely we would email a client their password due to security reasons, although when a new account is created the password can already be sent in the client registration email. We don't send passwords in these emails ourselves, and recommend against it. It's better if they request/receive a password reset email and choose a new password in cases where they do not create their account.

 

What's proposed seems great. As version 3.3 is 2 major versions away, do you think that in the interim it would be sensible to remove the "generate password" button which is currently present in the Staff Portal? (given the aforementioned issue with it)

  • 0
Paul Rising Star

Paul

Posted
Posted

What's proposed seems great. As version 3.3 is 2 major versions away, do you think that in the interim it would be sensible to remove the "generate password" button which is currently present in the Staff Portal? (given the aforementioned issue with it)

 

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

  • 0
Michael Apprentice

Michael

Posted
Posted

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

 

Would this idea help mate? http://www.blesta.com/forums/index.php?/topic/1998-generate-password-and-confirm-page/

  • 0
Alk Rookie

Alk

Posted
Posted

While it's impossible to know the password, it's not entirely useless. I use the generate password option when creating new accounts manually and send a link to the password reset page so they can request a new password. In a sense, nobody knows the original password and the account is secure until the user resets it.

 

Yeah, OK Paul that is an effective use for it as you say and that is a good process that I can adopt as well. Thank you.  :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...