Jul 4, 2011 at 4:50 PM
Edited Jul 4, 2011 at 5:13 PM
After installing BE 2.5 I played around with passwords. Users can reset their password and receive a new password by email, but there isn't anything in the dashboard for a user to change their password after logging in.
What's the recommended practice for letting users manage their own passwords or for an Admin to change it for them? I suppose you could change the password format in web.config to Clear instead of Hashed, but that seems like a risk.
FWIW, removing a User's hashed password from users.xml will let a user login with "admin" as the password, but the entry in users.xml isn't updated.
Appreciate some guidance. Thank you.
Update: found how to do it. It's under the Administration heading after logging in.