27 Jan
2016
27 Jan
'16
5:11 p.m.
On 25-01-16 15:22, Dominik Myslinski wrote:
is there a way for the user that created portal
password to reset or
remind it in case they forgot it ? otherwise it'd have to be changed
statically or user deleted and re-created?
That is currently not supported. Security wise it's better to have a
person reset the password because with a forgot password option, there
is more room for an attacker to intercept the password. That said, we
might add this feature to upcoming releases.
About resetting the password, if you are using the OTP mode, the best is
to clear the users portal password. The next encrypted mail will then
allow the user to setup a new password for the his/her account. The
previous messages can still be read because the "Client secret" is still
the same. If you delete the complete user, a new "Client secret" will be
created for the user. The passwords for the old PDF encrypted messages
(with OTP mode) can then no longer be retrieved because they were
created using a different "Client secret".
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail