Input wanted: Changing a profile's password

  • Written by Dieter Wyns on Wednesday 28 January 2015
  • 5 comments

Our core technical people have a meeting each month to discuss new implementations, merge pull-requests and view open issues. Last meeting in December, while reviewing the pull-requests we came across an implementation of Jeroen Desloovere about notifying profiles, see #971.

His changes would affect the way you can edit profiles in the backend. It adds new settings which allow an admin and the profile to get notified when a profile changes. A nice new feature!

During the review we stumbled into a new discussion about the functionality of changing passwords of a profile in the backend. Some argued it would be enough if you could reset a password. In this way the administrator would never know the password of a profile which is a very nice security principle.

What do you think, should an administrator be able to edit a password? Or just have the ability to do a reset?

Comments

Jesse D.

Jesse D. wrote 9 years ago

I believe that the admin should be able to edit the password of a user. I checked in Wordpress, Concrete5, Magento and Opencart and they all seem to have a password field that you can edit. You can't edit the previous password (obviously), but you can enter a new password for that user.

Why not [make it both possible](http://cl.ly/image/472O0T3t0y23)?

Wouter Sioen

Wouter Sioen wrote 9 years ago

I think the Magento example looks good.

Jacob

Jacob wrote 9 years ago

I agree with the Magento example. It is nice to create a random password, but also nice to set one.

Waldo Cosman

Waldo Cosman wrote 9 years ago

Edit a password looks a good option to me.

John Poelman

John Poelman wrote 9 years ago

Magento +1!