I have an installation of FreePBX, and I’m about to roll it out to all users. What I’ve found difficult is the functionality of resetting a user’s UCP password.
When I first set up the system, which was a good 5 months ago, users may have gotten an email with their login password, but as UCP hadn’t been implemented (or at least installed) yet, they probably disregarded the email.
Now, I’m ready to switch over to UCP, and I would like an easy procedure to reset a user’s password, have the system send them a temporary password, then they would be required to change the password upon first login. Currently, if I select the option to send the user a welcome email, their password shows <hidden>
. I understand exactly how bad of a practice it is to send passwords in cleartext, which is why I’d like to have a requirement to change their password on first login. Also, if I go through all of my users and set their passwords to something random and manually send them an email, I have to a) manage all those passwords and emails, and b) I have no way to ensure that they don’t just keep that password.
In my ideal world, I’d be able to right-click on their username (or select an option in the user management screen) that would generate a random password for them, send said password in email, and invite them to change the password upon first login. Additionally, this temporary password would expire after a set amount of time, so if it is intercepted, and the user never logs in, then there is no need to follow up with each user to ensure they updated their password. People whose temporary logins have expired can just contact the helpdesk, and a new reset request can be sent to their email address.
I realize this isn’t a small procedure, but it’s very much the standard for most sites requiring a password. The administrator never needs to know the user’s password, and all communications with the permanent password are encrypted via SSL. (I have my installation set to SSL only.)
Are there any parts of the scenario above that are currently available? For the short term, it would be great if I could manually enter a new password for them and have that password emailed to them. Then I could stand over their shoulder and make sure they change it to something else, and I don’t think it would be all that difficult to change the <hidden>
message in the email to their actual password. (There may already be a switch in place of which I am unaware that will do this.)
Long term, it would be wise (and super great) if FreePBX could consider a temporary password feature, so that we can have good user security.
Thanks in advance for any advice you could offer me. Have a great day!
-Craig