0

When you click on the 'Generate new password' button, on Kentico's 'User' application's Password tab.

The password is sent out in clear text via email. We want users to change their password the first time they login. Is there any suggestions on how to achieve this?

We use Kentico 11's with ASPX template and I have access to the code and database. I've checked the documentation and there is no built in setting to do this.

Thanks

Goldhawk
  • 35
  • 5

2 Answers2

0

Create their accounts and set their passwords to a very strong password.

Have the users click "forgot password". This will force the user to change their password, and they won't be able to log in until they go through that process.

brog
  • 21
  • 1
  • 4
0

Another option would be setting some passwords for the users and then setup either password expiration or password policy - so the passwords will not meet one of these and they will be asked to change the password using the password reset.

jurajo
  • 937
  • 5
  • 5
  • In the past 3 months we have used Kentico's password policy feature to strengthen passwords. My organisation were given recommendation to help increase password security. This was one of them, along with resetting auto-generated passwords on first use. – Goldhawk Mar 03 '20 at 09:18
  • well, you can auto-generate the passwords using the code so they do not fit the strong password policy - then on the first login, the user will be forced to generate the strong password according to the policy. – jurajo Mar 03 '20 at 09:49
  • Altering the 'GenerateNewPassword()' method in the following location, to use one that doesn't comply to the password policy. Seems to be the best solution. \CMS\CMSModules\Membership\Pages\Users\User_Edit_Password.aspx.cs We are not updating our version of kentico, so we don't need to worry about overwriting any changes – Goldhawk Mar 09 '20 at 10:03