I have a question about the "allowPasswordReset" setting in umbraco 8.
So, the feature can be used to turn of the ability for umbraco user to reset their own passwords
I would like this feature, as we don't want users such as editors to be able to change their password.
But I'm worried that If I turn this setting on, then we could end up in a situation where all admins lose their passwords, and we would essentially be locked out of the database.
Is there a way to circumvent this issue? Perhaps by enabling this setting, but somehow not for admins?
The issue at hand is that some editors are actually groups of people in a larger organisation that are very non-tech savvy, they are given passwords by admin
Sometimes the individual editors that use the login forget the password and change it manually, thus locking the rest of their small group out.
For this reason we would want admins to have full control over the passwords
So would the admin then send the password? If so the is extremely insecure!plus you really shouldn't be sharing passwords, each editor should have their own account.
allowPasswordReset = false, but not for admins?
Hi everyone
I have a question about the "allowPasswordReset" setting in umbraco 8.
So, the feature can be used to turn of the ability for umbraco user to reset their own passwords
I would like this feature, as we don't want users such as editors to be able to change their password.
But I'm worried that If I turn this setting on, then we could end up in a situation where all admins lose their passwords, and we would essentially be locked out of the database.
Is there a way to circumvent this issue? Perhaps by enabling this setting, but somehow not for admins?
Seems a very odd request, how will you deal with an editor who forgets their password?
An admin would create them a new one.
The issue at hand is that some editors are actually groups of people in a larger organisation that are very non-tech savvy, they are given passwords by admin
Sometimes the individual editors that use the login forget the password and change it manually, thus locking the rest of their small group out.
For this reason we would want admins to have full control over the passwords
So would the admin then send the password? If so the is extremely insecure!plus you really shouldn't be sharing passwords, each editor should have their own account.
Or share the password via a password manager, which is shared organization wide.
There are many solutions to this around umbraco
is working on a reply...