Question

Photo of Ken Roach

0

How can I email a user their current username and password?

1

I can see usernames and passwords in the UserLogin file.  The password is encrypted.

If I set the user's new password, then there is no probelm - I know what it is.

If a password is already set, I could say "This is your username: xx. Login with your password.  If you have forgotten it then click the 'Forgot Account' link on the login page (or click Here) to reset your password."

OR, if a password exists, is there any way I can decrypt the password so that I can send the user an email that says, "Your user name is xxx and your password is xxx"?

 

 

  • Photo of Jim Michael

    1

    While the utility of such a feature might be enticing, I sure hope there's no facility to do it in Rock. As a primarily-IT guy, that kind of security risk gives me the willies and would compromise the integrity of the system. There's a big difference between resetting a user's password and sending it to them vs. knowing (finding out) what their current password is... the latter could be used on other sites (a no-no, but let's be realistic here and admit that many people re-use favorite passwords.) And sending them their "real" password in-the-clear via email (which again, is a password likely used on other sites) is even riskier.

    The built in "forgot account" functionality works so fast that I'm not sure why a user would have trouble with that. That said, resetting a user's password to something TEMPORARY and emailing it to them would be a fine compromise IF Rock had the ability to let an admin enable "user must change password on next login" on their account. That way a temp password could be created and sent to the user, which could be used ONCE for them to log in, and they'd be prompted to reset it themselves... so again, YOU don't know their password.... but currently, Rock doesn't have that feature (hmm... good feature request!)

    • Comments

      Great answer, Michael. Thanks. I like the idea of 'temporary password reset.' I also like the idea of a 'temporary user name' that could be changed. I'm actually trying to work out how to engage with a user in a workflow that has filled in a registration form on the external page, exists as a Person in the database, but does not yet have a username or password. The only way I can think to connect the user to the workflow is if I assign the person a username and ask them login. If they create their own login profile this is obviously not linked to a Person. So how do I set the username? Email address? But what about people who share email addresses? FirstName + Initial? + number if that username is already used? Thougts?

      • Jay Greentree

        Jay Greentree

        One thing I will note:
        in Rock if a user creates an account Rock will search for that person's email and if it finds that person they are given the option to link the username with the information in the database. Hope this helps you out a little.