User password management

Topics: Business Logic Layer
Jul 4, 2011 at 4:50 PM
Edited Jul 4, 2011 at 5:13 PM

After installing BE 2.5 I played around with passwords. Users can reset their password and receive a new password by email, but there isn't anything in the dashboard for a user to change their password after logging in.

What's the recommended practice for letting users manage their own passwords or for an Admin to change it for them? I suppose you could change the password format in web.config to Clear instead of Hashed, but that seems like a risk.

FWIW, removing a User's hashed password from users.xml will let a user login with "admin" as the password, but the entry in users.xml isn't updated.

Appreciate some guidance. Thank you.

Update: found how to do it. It's under the Administration heading after logging in.

Coordinator
Jul 4, 2011 at 5:31 PM

We really should add "change password" to the user profile, I opened work item for this.