Developer forum

Forum » Feature requests » Password reset link

Password reset link

E-mail notifications
Remi Muller
Reply
Posted on 28/10/2014 14:08:16

Can you consider implementing a way to reset the password by a link.

Today it happens sometimes that an account is reset by another user (by accident).
The problem is that the password is already reset and the user is forced to use the new password and set it back if he wants.

What i rather see is that the user is sent a password reset link. If the link is clicked the user is presented with a page to reset his password.
If the user ignores the reset mail with link the original password is kept.


Replies

 
Finn Frost
Posted on 17/11/2014 10:19:22
Reply

+1

 
Morten Bengtson
Posted on 17/11/2014 11:06:07
Reply

+1

 
Finn Frost
Posted on 17/11/2014 11:13:07
Reply
This post has been marked as an answer

It seems to be on the roadmap/pipeline for DW 8.6 - as Mikkel Ricky wrote in my other similar thread:
http://developer.dynamicweb.com/Default.aspx?ID=2&CategoryID=38&ThreadID=38372

 

Votes for this answer: 1
 
Jesper Nordestgaard
Posted on 18/11/2014 09:36:38
Reply

We have just release a reset password feature. It's avalible in hotfix 8.5.1.2 (Please contact support if you need it now)

The password-reset feature will be general avalible from Dynamicweb 8.6 released the 27th of Jan 2015.

Reset password feature description:

  • Current functionality must remain unchanged, to ensure backwards compatibility with the sites already in products. This means that we will re-use the implementation already available, but in such a way that it can be configured in the backend, instead of in the templates.
  • Add "Login" setup to Extranet paragraph settings page.
    • Template
    • Multiselect box with user fields required additional fields for password retrieval. Question and questions answer fields are handled as manually created additional fields. The following User-columns are avalieble in the multiselect box: UserName, Email, Phone, Fax, Address, Address2, Zip, City, Country, Company, PhonePriv, Mobile, LastName + all manually created fields.
    • Forgot password action:
      • Send existing password
      • Send new password
      • Send link to reset page
    • Forgot password email settings - this should include the usual settings, such as sender email, subject, email template, etc.

 

Hope this helps

Best regards

Jesper Nordestgaard

 

 
Christian Fisker
Posted on 16/12/2014 09:36:36
Reply

Will passwords continue to be hashed/encrypted with a simple MD5 encryption or will you upgrade this to f.ex. SHA256 with random salt?

https://crackstation.net/hashing-security.htm

MD5 is much to vulnerable for modern websites.

 

Thanks,
Christian Fisker

 
Hans-Henrik Stefansen
Posted on 04/02/2015 09:44:46
Reply

Hi Christian,

We have implemented support for SHA512 hashing of passwords from DW 8.5.1.13 and forward.
The hashing algorithm can be explicitly set for both Extranet and Administration users.

When the hashing algorithm is changed, already MD5 hashed passwords will be re-hashed as the users login.

Best regards
Hans-Henrik Stefansen