Disable Local Passwords

[zebo51 15]

I have seen posts refering to disabling local passwords, but I can't find where that option is.  Running Version 3.0.5464.40000.

 

My end result is when accessing on my local network to not require passwords, then when accessing from the outside require one. 

 

Right now I have one account which has admin control.  I cleared the password so I don't need to log in each time internally.  I would like any account accessing externally to require a password and possibly only have read access.

 

Thanks

 

 

[Scott84Z28 39]

In the servers web console, click on Users, then click the user in question.  Then click on Password, and click Configure Password.  This opens a new tab where you can configure the password, then lower on this page click Local Access.  Here is where you can say that this account doesn't need a password when accessing via the local network.

[bigjohn 656]

I can't be 100% certain about all of this applying to that version, but on version 3.0.5482.1 I think the ability to choose Local Password not required is only available on an account-by-account basis, and also only shown as an option when the account has a password set.

 

In the dashboard, choose Users

pick a user

go to Password > Configure Password

If no password, set a password

you should then see the Local Access section at the bottom of the user profile

[zebo51 15]

Fabulous, I was looking there and even set a password once but I guess I didn't scroll down far enough to see "Local" and expand it.

 

Now just need https support, doesn't matter how long or complex your password is, still clear text .

 

Thanks

[ebr 14921]

Now just need https support, doesn't matter how long or complex your password is, still clear text .

 

No it isn't.  We never send passwords in clear text.

[zebo51 15]

No it isn't.  We never send passwords in clear text.

So how is it encrypting it if I access via a standard web browser?

[bigjohn 656]

So how is it encrypting it if I access via a standard web browser?

 

Passwords are always hashed before they are sent from any of our clients.

[floodi 1]

It's not a proper encryption if I understand correctly. If I can sniff the hash, then I can use that account the has belongs. Encryption needs support from both the client and the server. That's why https is required. With it I cannot steal the hash anymore. And it looks like MB now supports https [emoji2]