User password

[rtl]

Where can I find the password for the user to log in to the user portal. It's not in the welcome email anymore

[Support]

It's the password that you've set in "Authentication password" field on this page: /dom_settings.htm (if you've provisioned the phone)

[rtl]

And if I haven't provisioned a handset what is it?

It should be in the welcome email where it used to be

[Support]

If you're on the latest PBX version which is 64.0 it does send the password along.

We just tested it.

[rtl]

I'm at version 64.0.3 (Debian64) and the welcome email doesn't include the password. All I see is the domain and a message asking me to change the password and PIN

[Vodia PBX]

Generally speaking, passwords should be (and mostly are) write-only parameters. It can be a problem if passwords leak out, especially by email; that is why we took the passwords out of the welcome emails. So you would have to set the password as admin and then have a way to pass it to the user - preferably not with an email 

[rtl]

Given that almost all my customers use hosted services asking them to distribute passwords and/or QR codes via paper, or another non email method is a non starter. If I suggested it to them, which I haven't I'd simply be laughed at especially as I have over 600 3CX hosted PBX systems I was looking to migrate to Vodia over the next 12 months or so

[Vodia PBX]

Paper makes sense in some environments, e.g. teachers that get paper everyday anyway. But I agree, in other environments it is not practical at all. But there are other ways as well - first of all the goal should be that you don't have to distribute any passwords at all. If customers use Google email addresses, then you can use them for logging in without a password at all. This is also possible with Facebook accounts, LinkedIn accounts and also (though not very popular) with Office 365 accounts. Our feeling is that we should do Office 365 next. 

As for the QR codes, I am not even sure if it would be okay to send the images in emails. It might be unreadable for humans, but for robots QR codes are very easy to read. Maybe we'll leave this decision to the admins - a trade off between security and practicality. 

[rtl]

As my customers are corporate none of them use google email nor do they use facebook to login. If I choose to use email to distribute QR and/or passwords it entails additional work our end to extract these, compose emails and send them. 

We always use encrypted email with customers when sending any account credentials anyway

[Vodia PBX]

OK I guess the best solution is to offer the QR code email campaign and leave this topic to the system admin. 

[Vodia PBX]

Second thoughts. When we send the QR code to the user cell phone inbox, it is useless unless that user takes a photo from the mirror! There must be an easier way where we can send the link to the play store that includes the credentials. If the user's email is the gmail account we can use that for authenticating the user. 

[Byron Paul]

QR codes won't help a user log into their web app from their desktop either, which my users want to do. I don't want to be manually setting every web password and then manually notifying the user - instead I would like to be able to choose if we send web password in email.

FWIW I have customised the domain email_welcome.htm to get this working again for my domain.

<p class="cText">To get to your web portal log into <strong><a href="https://{ssi htmvar domain}">{ssi htmvar domain}</a></strong> as <strong>{ssi htmvar extension}</strong> and your web password is <strong>{ssi htmvar password}</strong></p>

 

[Vodia PBX]

We will solve the problem by adding two settings for including the password and including the QR code. Then the system administrator can make the decision wether to include it or not.

[Byron Paul]

Perfect - thanks !