John's Blog: Forgotten Passwords

July 20, 2012

Inevitably, end-users will forget passwords. Here are a few tips for what you as a Rumpus server administrator can do when it happens.

Best Practice

In environments where security is critical, the best practice to follow when a user forgets a password is to generate a new password, assign it to the account in Rumpus and communicate the new password to the user. By following this procedure, there is no need to lookup user passwords, and if the forgotten password has been compromised (for example, if a post-it note with the password was lost) resetting the password avoids the possibility that it will be used to gain access to the system.

Administrator Lookup

As the primary Rumpus server administrator, with access to the Rumpus control application, you can manually lookup user passwords. Open the Define Users window, select the user account in question, and press command-e, for "Expose password". A dialog box will open displaying the selected user account password.

iPhone Lookup

Administrators can also lookup user passwords using the Rumpus iOS app, available in the App store. The feature first needs to be enabled in Rumpus, by turning on the "Allow Mobile Users To View User Account Passwords" option on the Network Settings window, "Remote Admin -> Mobile App" tab. Once enabled, you can lookup passwords by accessing the user account and tapping on the magnifying glass icon next to the password field.

Automating User Password Lookup

Rumpus also includes a feature which allows users to have their login information e-mailed automatically. Setup of the function takes a few minutes, but for the administrator, allowing users to lookup their own passwords can be a big timesaver.

In order for a user to receive their login details by e-mail, Rumpus needs to be supplied with the e-mail address. So first, make sure all user e-mail addresses have been entered on the User Info tab of the Define Users window.

Next, define an Event Notice which will be used to send the information to users when requested. Set the notice up normally, with your own e-mail address as the "Mail To" address. Rumpus will automatically set the "Mail To" as needed when sending the password lookup messages, so using your own address isn't required but makes testing the notice easier. The mail subject should be set to something easily recognizable when end users receive the message, like "Your Rumpus Password", and the message body will need to be set to include the user's account information. On the "Custom Message Body" sheet, choose "Forgotten Password" from the "Event Type" menu and Rumpus will supply a simple default message that includes the needed information, which you can then customize as needed.

Finally, open the Web Settings window, flip to the "Options" tab, and check the "Enable Forgotten Password Lookup" checkbox. Select the Event Notice you created for the purpose from the "Using Notice" list, and you're done.

When users connect, a "Forgot Your Password?" link will be added to the Rumpus login page, which users can click to access the forgotten password form. All a user needs to do is enter their Rumpus user account name or their e-mail address, and Rumpus will send the information automatically.

© Copyright 2018, Maxum Development Corp.