Provide admins ability to set first time password
closed
J
John (Chip) Voss
Some of our residents struggle with the registration process. It would be very helpful if admins could set a first time password. Then, upon first login the user would be prompted to change their password. This capability exists on many password protected systems.
Log In
Aggie Mitchard
I actually like NOT being able to set the first time password. Our previous website was like that, and it adds additional work and responsibility to the web admin. Most websites require you ...not someone else to set up your own information...
What I've done for my residents is attach a simple tutorial with screen shots and brief explanation of how to register. It seems to work well. I've also designated a few times where I can be available with a laptop at a community area (i.e. pool, clubhouse etc...) where they can come and physically be helped.
Wes Cossick
closed
While we understand how this feature could be beneficial in the right circumstances, we care deeply about security and have designed our software to ensure administrators cannot log into another member's profile. Introducing the ability for admins to know the password for another member, even if just temporarily, permits that admin to log into that member's profile and access the website under that person's identity.
An unscrupulous administrator could use this loophole for malicious intent. By not creating this type of loophole, we protect members from harm while also protecting admins from false accusations of this type of activity.
Additionally, this loophole would allow an admin to modify a member's contact and privacy information in a way that could be undesirable to that member—without that member knowing.
For all of these reasons, we do not plan to implement this type of feature.
To learn more about how we lead the industry in security, see: https://help.hoa-express.com/en/articles/2340910-how-we-keep-data-safe-and-secure.
Bernie Gleason
Wes Cossick: You are going to continue to get suggested solutions such as this one (i.e., let admins assign passwords) until you finally recognize that your facilities for managing resident data DO NOT satisfy the needs on the community you are supposedly serving. It time for HOA-E to address those needs while still maintaining your security standards. It can be done.
J
John (Chip) Voss
Wes Cossick:
Wes -
I do not buy your argument against allowing administrators the ability to set a first time password. I worked in banking for 30+ years for large regional banks, the last 15 as CTO or CIO. The ability to set a first time/one time password was critical to being able to service our employee and non-employee clients. Clearly the data banks deal with is orders of magnitude more sensitive than that within an HOA website. Additionally, larger banks are subjected to seemingly continuous audits by internal auditors, external auditors, and up to 4 different federal banking regulators (FRB, OCC, OTS, FDIC). The issues they raised relative to password management never included the use of first time/one time passwords. Instead they were concerned about such things as password complexity, how often a user was forced to change their password (password life), and password reuse. So with all due respect, I submit that HOA-Express' password "system" is less secure than you believe and you overstate the risk associated with first time/one time passwords.
Dave Killingsworth
Absolutely agree. Our community is having issues with the registration process as well.
P
Petti Van Rekom
We also have many senior residents; so this capability would be useful.