CChris 58 Posted March 5, 2019 Share Posted March 5, 2019 Hi, I just questioned myself, why there are two options available for handling user-passwords in the user section of the admin panel. 1) Change password -> you need to provide the current password of the user in order to change it (even with administrator rights) 2) reset password -> you don't need to know the current user password. As administrator, you should always be able to change the password / reset the password without knowing the current password of the user.For sure, if the user itself wants to change his password, he should be asked for his current password for safety reasons, but as administrator, I do not always know the current password - and if the user requests a password change, because he lost his password, you should only be able to reset the password or set a new one.The other option would be, that the administrator can't even change the user-password by his own.To make sure, that only the user knows his password, there should only be an option to reset the password - which will send an email to the user where he can reset / change his password.Just thinking about how it can be assured, that the administrator does not change the password due to an "invalid" request from a not authorized person... ?!You know, what I mean? Link to comment Share on other sites More sharing options...
Luke 37289 Posted March 5, 2019 Share Posted March 5, 2019 Reset removes it so that it is blank, but yes, they could be consolidated. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now