Changing temporary password at first login

Topics: Corporate Intranet Edition, Internet/Extranet Edition
Oct 14, 2008 at 9:06 PM
Thank you for the CKS FBA - it is a godsend. :-)

I am trying to implement the CKS FBA and one of our requirements is that the user must change their temporary password on first login.  You mention the temporary password in "Administering Users - New Membership Request," but what I can't find is any setting in the web part settings to address changing the temporary password on first login.  This is a pretty big deal for us.  Would we need to custom code this functionality or am I just overlooking something in the configuration that you could point out to me to address this?

Thank you so much!

j
Developer
Oct 14, 2008 at 11:48 PM
Hi j,

To my knowledge there is nothing to force the user to change their password on first login because there is no counting or timeout code. The "Temporary Password" is merely one we assign and invite the user to change the password or provide the ability to change the password. Might I ask, why? The password is randomly generated and I think it's overly complex, which is reason enough for anyone to change it to something meaningful and hopefully still complex. In any case the system does not record this password in an unencrypted form (it's a one-way hash). So, you may want to encourage them to change it by documenting the requirement, otherwise you will need custom code.

Anthony
Oct 15, 2008 at 1:53 PM
Hi!

Something you could do is to set, in the email sent with the "temporary" password, a link to the site arriving directly on the page you designed with the changepassword webpart. Thus, the user will click to access the site and see he has to change his password (you can also add a text explaining he has to do it). Of course, the user can skip this step, but he will strongly be incited to make the change.  :o)
And anyway, as Anthony said, I don't know anyone who wants to keep the generated password...
Oct 15, 2008 at 2:09 PM

Anthony - thank you for the quick response.

The reason we would want to force users to change the password on first login is because we are not allowing self-registration, and to minimize the user management effort for our site managers the "temporary" password will be generic and the same for all first time users of the site.

I will pass this info on to our developers so they can work on a custom solution.

Many thanks!

j
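
Added example, not part of the thread and not CKS FBA code: one shape the custom code discussed above could take, as an ASP.NET `IHttpModule` that sends any signed-in user whose password has never been changed to the change-password page. It assumes the membership provider stamps `LastPasswordChangedDate` with the creation time when the account is created (as `SqlMembershipProvider` does) and that the account is not reset before first use; the class name and `ChangePasswordPage` URL are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: enforces a password change before any other page is served.
public class ForcePasswordChangeModule : IHttpModule
{
    // Hypothetical URL of the page that hosts the change-password web part.
    private const string ChangePasswordPage = "/Pages/ChangePassword.aspx";

    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    public void Dispose() { }

    // Assumption: the provider sets both dates to the same value at creation,
    // so equality means the initial password is still in use.
    public static bool MustChangePassword(MembershipUser user)
    {
        return user != null && user.LastPasswordChangedDate == user.CreationDate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;

        string path = ctx.Request.Path;
        // Only gate page requests; scripts, styles and images must still load.
        if (!path.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase)) return;
        // Never redirect the change-password page itself (avoids a loop).
        if (path.EndsWith(ChangePasswordPage, StringComparison.OrdinalIgnoreCase)) return;

        // One provider lookup per page request; cache the result per session
        // if the extra database round trip matters.
        // Returns null for users not in the membership store (e.g. Windows accounts).
        MembershipUser user = Membership.GetUser(ctx.User.Identity.Name, false);
        if (MustChangePassword(user))
        {
            ctx.Response.Redirect(ChangePasswordPage, true);
        }
    }
}
```

The module is registered under `httpModules` in the web application's web.config. Unlike a link in the invitation e-mail, the check runs on every page request, so the user cannot skip the change.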