
User password



Generally speaking, passwords should be (and mostly are) write-only parameters. It can be a problem if passwords leak out, especially by email; that is why we took the passwords out of the welcome emails. So you would have to set the password as admin and then have a way to pass it to the user - preferably not with an email.


Given that almost all my customers use hosted services, asking them to distribute passwords and/or QR codes via paper or another non-email method is a non-starter. If I suggested it to them, which I haven't, I'd simply be laughed at, especially as I have over 600 3CX hosted PBX systems I was looking to migrate to Vodia over the next 12 months or so.


Paper makes sense in some environments, e.g. teachers that get paper every day anyway. But I agree, in other environments it is not practical at all. But there are other ways as well - first of all, the goal should be that you don't have to distribute any passwords at all. If customers use Google email addresses, then you can use them for logging in without a password at all. This is also possible with Facebook accounts, LinkedIn accounts and also (though not very popular) with Office 365 accounts. Our feeling is that we should do Office 365 next.

As for the QR codes, I am not even sure if it would be okay to send the images in emails. It might be unreadable for humans, but for robots QR codes are very easy to read. Maybe we'll leave this decision to the admins - a trade-off between security and practicality.


As my customers are corporate, none of them use Google email, nor do they use Facebook to log in. If I choose to use email to distribute QR codes and/or passwords, it entails additional work on our end to extract these, compose emails and send them.

We always use encrypted email with customers when sending any account credentials anyway.


Second thoughts. When we send the QR code to the user's cell phone inbox, it is useless unless that user takes a photo from the mirror! There must be an easier way where we can send the link to the Play Store that includes the credentials. If the user's email is the Gmail account, we can use that for authenticating the user.

  • 3 weeks later...

QR codes won't help a user log into their web app from their desktop either, which my users want to do. I don't want to be manually setting every web password and then manually notifying the user - instead I would like to be able to choose if we send the web password in email.

FWIW I have customised the domain email_welcome.htm to get this working again for my domain.

<p class="cText">To get to your web portal log into <strong><a href="https://{ssi htmvar domain}">{ssi htmvar domain}</a></strong> as <strong>{ssi htmvar extension}</strong> and your web password is <strong>{ssi htmvar password}</strong></p>

 
