Passwords

Comments

2 comments

  • Avatar
    Karla Norwood

    We had that feature on 3.2 where a person could change someone's password without being an administrator -- to change the password, without that feature, the admin had to change the password so we added a feature so admin didn't have to change them (there was no "forget your password" feature for the individual to get a new password themselves.) 

    With version 4.0 there didn't seem to be a need to have both -- in fact, from a security perspective, replacing that feature for a user getting a temp password with "forget your password" themselves gives the user "more security".

    0
    Comment actions Permalink
  • Avatar
    Bryan Siders
    Currently, you can give other people the ability to change your password in Connections Online 4.0 by giving them access to change your Individual Connection (People Tab).  So if a security group is created that has access to Read and Update all Individual Connections, they would be able to change other people's password.

    After looking into this, though, I almost wonder if they should not be allowed to do that.  As Admin pointed out, people can change their own passwords by using the link on the login page, so allowing only site admins to change passwords in the application should be enough.

    0
    Comment actions Permalink

Please sign in to leave a comment.