AH-Tina
05-25-2001, 12:10 PM
How many of you allow your users to change their passwords? If you do, how do you keep track (or do you?) of what they've changed it to?
I'm thinking of allowing this option - but that causes some concern regarding support issues.
--Tina
Jaiem
05-25-2001, 02:38 PM
We don't track the passwords. That defeats the purpose!
If someone loses their password or somehow messes it up, the only thing we do is generate a new password for them. Then they can change it to what they want.
AH-Tina
05-25-2001, 03:00 PM
Originally posted by Jaiem
We don't track the passwords. That defeats the purpose!
If someone loses their password or somehow messes it up, the only thing we do is generate a new password for them. Then they can change it to what they want.
Okay, but what do you do about support? For example, if someone tells me they can't FTP into their site - I check to make sure it looks like everything is okay... and then I actually log into their account via FTP.
Without knowing the password - I wouldn't be able to log in as the user.
--Tina
Get-Hosted.com
05-25-2001, 03:10 PM
I've always thought about that... if they request a new addon to their account and need to provide their password and they changed it recently... how would you know it's correct besides logging into their account to make sure?
I still say it's worth it to let them change passwords and you not know it. If they lose it then you generate them a new one.
c0bra
05-25-2001, 04:04 PM
Originally posted by AffordableHost
Without knowing the password - I wouldn't be able to log in as the user.
If they lost a changed password, you'd just have to telnet in and as root assign the user a new password.
thewitt
05-25-2001, 04:17 PM
If I thought for a minute that password changes were being logged by my hosting company, I'd change hosting companies.
If you need my password to check something I've reported as a bug - ask me for it. That way I know you have it, and I can change it when we are through.
-t
Duster
05-25-2001, 04:57 PM
One solution is to give your customers a choice. Tell them you will have to assign them a new password so you can test a feature and that they can change it back to one of their choosing when you are done, or you can use their current password, which would require them giving it to you.
That way you can best accommodate all your customers, those who would rather not have to change their passwords and would prefer to trust you with their present one and those who wish to maintain the utmost secrecy and control over their accounts, including who knows their user passwords.
AH-Tina
05-25-2001, 05:19 PM
Originally posted by c0bra
If they lost a changed password, you'd just have to telnet in and as root assign the user a new password.
Yes, that's exactly my point.
--Tina
Tim Greer
05-26-2001, 06:56 AM
I personally think that from a support perspective it can be annoying to have to ask or wait for a password to test something on their level, and that is a common thing to do with support issues. Therefore, if you do, simply have some notice explaining that they will need to provide you with it. Once their problem has been solved, they can change it.
In fact, they can change it to a temporary password to allow support to test things and change it back to the one they want to keep if they want to keep it only known to themselves -- and I believe that's perfectly okay/fine in my opinion. Since I think we all agree their password is none of our business and we don't need or want to know it otherwise (not unless we need it for support, a move, or whatever). If they fail to provide it, that's basically their own fault for any delays, as long as it's made clear. Worst case scenario is that you will have to at least change it yourself to test or set something up and simply ask them what they want it at then, tell them what you changed it to, or in some manner allow them to change it back or to something else when you're done.
Finally, my opinion about passwords is to not allow users to change them anyway. This creates not only support issues (which I wouldn't care to ever know it when it's even generated and assigned to them anyway -- and I'd still have to ask for their password, because it's none of my business otherwise), but it creates a bigger issue of security problems. I'm sure we all know and agree that a high percentage of hosted clients choose horrible passwords.
In fact, probably 40%+ of the people that choose their own passwords, would be able to be breached by using some simple network/Internet password cracker that guessed anywhere from 4 to 8+ passwords a second to an FTP/email (etc.) server and would get into their account within a few minutes or hours. From there, you have a malicious individual that is *in* your server and has all the access this user does, of course.
This is a big problem and if you can get away with it, I'd have a program or script generate some very good passwords and at least suggest to people (if you do offer them the ability to change them) that they leave them as they are. Of course, having stale passwords over a long period of time is also not a good idea, in case anyone ever did manage to grab the master password file and start running a crack program on it for weeks. However, that's sort of trivial, when most users choose poor passwords in the first place and most accounts can be compromised in a matter of minutes or hours and possibly seconds.
If you do allow them to change them, I'd definitely suggest (which I'm sure you intend to anyway) SSL connections -- which many hosts offering this do not! -- and have it do some sort of checking to only allow them to set a decent password, or you can be asking for trouble. However, having it check in that manner could possibly really annoy and frustrate those users that just want to type in their dog's name and move on. Well, those are my thoughts on it, I'd try and avoid it, or suggest otherwise, if I was in that situation...
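The practices argued for in this thread (Jaiem's "generate a new password rather than keep track of the old one" and Tim Greer's "have a script generate good passwords and check that user-chosen ones are decent") as an added example in Python; this is not code from any poster and assumes a hypothetical in-memory store of salted password hashes and a small constructed list of common words.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed, deliberately short list of words a strength check should refuse.
COMMON_WORDS = {"password", "letmein", "qwerty", "123456", "welcome"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
PBKDF2_ROUNDS = 200_000


def check_strength(password, min_length=10):
    """Return a list of problems; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = sum(
        any(test(c) for c in password)
        for test in (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    )
    if classes < 3:
        problems.append("needs at least 3 character classes")
    if password.lower() in COMMON_WORDS:
        problems.append("common word")
    return problems


def generate_password(length=14):
    """Draw a temporary password from the OS CSPRNG until it passes the strength check."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_strength(candidate):
            return candidate


def hash_password(password, salt=None):
    """Store only a salted PBKDF2 hash so support staff never see the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Constant-time comparison against the stored salt$digest record."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def reset_password(store, user):
    """Support reset as Jaiem describes: assign a fresh random password, keep only its hash,
    and hand the plaintext to the user exactly once (the return value)."""
    new_password = generate_password()
    store[user] = hash_password(new_password)
    return new_password
```

A user-chosen password goes through `check_strength` before `hash_password`; the stored record never reveals the value, so the only recovery path is `reset_password`, as several posters recommend.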