Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
who and how generate new passwords?
- Thread starter johnjames
- Start date
John,
Normally the way I handle this is that in your user table, you set up a USERLEVEL field (minimally with a Normal user designation and a Special user designation). Then if it's a Special user, add a menu item that allows access to the Add User form. (Or you can start with it in the menu, and remove it if it isn't a Special user. Or you can use a Skip For clause in the Menu, so it's just disabled for non-Special users. You can pick which method is appropriate, depending on what you and/or your users think is "right".)
Rick
Normally the way I handle this is that in your user table, you set up a USERLEVEL field (minimally with a Normal user designation and a Special user designation). Then if it's a Special user, add a menu item that allows access to the Add User form. (Or you can start with it in the menu, and remove it if it isn't a Special user. Or you can use a Skip For clause in the Menu, so it's just disabled for non-Special users. You can pick which method is appropriate, depending on what you and/or your users think is "right".)
Rick
I generally create a group of users with admin capability and then give them access to the users table, not able to read existing passwords, but able to 'reset' them.
I often make this reset function set the password to the day of the week that the reset is performed, and make it valid for just one day (so the user has to change it straightaway). As a 'wrinkle' you can change a random letter or two into a 'special' character such as $ or
@ or !. But with some user comunities, even the day of
the week represents a problem!
It's a balance between usability and security.
Regards
Griff
![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
I often make this reset function set the password to the day of the week that the reset is performed, and make it valid for just one day (so the user has to change it straightaway). As a 'wrinkle' you can change a random letter or two into a 'special' character such as $ or
@ or !. But with some user comunities, even the day of
the week represents a problem!
It's a balance between usability and security.
Regards
Griff
Oh, one other tip. Backdoors.
If you are expected to give telephone support, make sure you have a way to get in yourself. For this, I generally use
an activation style approach - get the application to present a 'random' number that you can get the user to read back to you. Have a program on your own machines that can process the number and return a password, this you can get the user to enter on your behalf in an emergency.
They can be sure that you can't do it without them, and you can be sure that they can't use it when you're not on the end of the phone.
No I won't give you any clues as to suitable algorithms, but keep them simple.
Regards
Griff
If you are expected to give telephone support, make sure you have a way to get in yourself. For this, I generally use
an activation style approach - get the application to present a 'random' number that you can get the user to read back to you. Have a program on your own machines that can process the number and return a password, this you can get the user to enter on your behalf in an emergency.
They can be sure that you can't do it without them, and you can be sure that they can't use it when you're not on the end of the phone.
No I won't give you any clues as to suitable algorithms, but keep them simple.
Regards
Griff
- Status
Similar threads
- Question
- Locked
- Question