Password Reset Security Functionality

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

6/25/2013 1:28:48 AM

VK_ASIA

Total Posts 19

View Posts

Password Reset Security Functionality

Hi,

In case of 'Forgot Password' functionality, password emailed to user after validating questions. Is there any possibility that instead of password, a password reset link should email to user for resetting password ?

Thanks

6/25/2013 10:02:52 AM

Jamie E

Total Posts 1203

View Posts

Help support mojoPortal!
Add-on modules

Re: Password Reset Security Functionality

Go to Administration, Site Settings, Security. Uncheck "Allow Password Retrieval", and check "Allow Password Reset". There are quite a few other settings in security that you should review and make sure they are appropriate for your site.

Hope that helps,

Jamie

6/26/2013 4:11:03 AM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

Thanks Jamie for your quick response.

But in security settings i am getting only ' Allow Password retrieval' option but no where to find 'Allow Password Reset' option.

Thanks

6/26/2013 6:29:42 AM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

Hi Jamie,

I was reading your article

https://www.mojoportal.com/user-password-settings.aspx

and seems that 'Allow Password Reset' will certainly work for me but after checking my security settings thoroughly no such setting is available to me.

Thanks

6/26/2013 6:43:02 AM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

Hi Jamie,

Even the 'Allow Password Recovery' and 'Require Password Change After Recovery/Reset' option also suits me but again on my security settings none of these setting is available to me.

Thanks

6/26/2013 7:19:52 AM

Joe Audette

Total Posts 18439

View Posts

Re: Password Reset Security Functionality

With plain text or encrypted passwords recovery is what works not reset, but you can check the box to force the user to change the password after recovery.

If you want only reset then use hashed passwords which can only be reset, they cannot be recovered because they cannot be decrypted, so when hashed is configured reset is the only available. You can also check the box to force the user to change the password after they login with the reset password. In either case the recovered or reset password is sent to the user email so its can be a good idea to require them to change it after reset or recovery.

6/26/2013 10:45:43 PM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

Thanks Joe for your response.

My Password format configured in security settings is 'Encrypted in DB'.

Another setting only available to me is 'Allow Password Retrieval' and 'Requires Question and Answers'.

But i want to use the 'Allow Password Recovery' and 'Require Password Change After Recovery/Reset' options but none of these options are available to me on security page.

Any help to make visible or available 'Allow Password Recovery' and 'Require Password Change After Recovery/Reset' options on my security page ?

Thanks

6/26/2013 11:27:45 PM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

Hi Joe,

Just to share, my site is on 2.3.3.9 MSSQL version of MojoPortal.

Thanks

6/27/2013 8:53:11 AM

Joe Audette

Total Posts 18439

View Posts

Re: Password Reset Security Functionality

You are running an old version from 2010, we did not have the option to require password change after recovery/reset back then.

you might consider upgrading as long as your database is SQL 2005 with all service paks or higher. We dropped support for sql 2000 I think in version 2.3.4.8.

I recommend review the upgrading article as well as the release notes for all releases since 2.3.3.9 and the Important Skin Changes article, then if possible upgrade to the latest version of mojoPortal. Be sure to back up both your site file system and database before upgrading so it it is possible to restore to your current version if something goes wrong.

7/1/2013 3:35:57 AM

VK_ASIA

Total Posts 19

View Posts

Re: Password Reset Security Functionality

I agree with your solution.

Thanks a lot Joe.

8/21/2013 8:56:49 AM

Lars Rathje

Total Posts 137

View Posts

When enough isn't

Re: Password Reset Security Functionality

Hi,

A related question: How can I force users to sign in again after going to the change password page?

More details:

- I have managed to give new users a preliminary password and to set the force password field in the database, so people are indeed forced to change their passwords using the prelimenary one.

- But some other session related functionality is not working - maybe because the user has changed his password

- So I'm thinking I could force the user to logoff and logon again with the new password before continuing on my site

I hope this is understandable ..

Best regards

Lars

You must sign in to post in the forums. This thread is closed to new posts.