Bingo!Mikerowaved wrote:I believe what he's saying is, when an admin creates a new account or changes a user's password, he selects a password for it. If a user never changes their password from that, the admin will know it.
I realize there are ways this can be avoided, such as always turning over the keyboard to the end user for password entry, but I see MLS's current setup as less secure then standard practice.
RussellHltn wrote:So MLS doesn't require the password to be changed when it's entered by the Admin? So it's possible that the Admin knows everyone's password?
I'd like to add a suggestion for MLS: add a "force password change on next login" check box like Windows does. Make it on by default when a new password is entered by the Admin.
Yes, there are ways to work around the problem. With the check box you can uncheck it and continue to use your existing methodology.Alan_Brown wrote:As an MLS administrator, the only time I create a user account is when the account owner is present.
Actually, any ward that is not following my workflow (or something very similar) is violating current Church policy, as well as reasonable security practices. So if an administrator assigns passwords, he is not "working around the problem" -- he is creating a problem by blatant disregard for policy. Remember that the Using MLS--Ward and Branch Instructions say: "User passwords should not be shared with others." Clearly a password is to be known only by the account owner.RussellHltn wrote:Yes, there are ways to work around the problem. With the check box you can uncheck it and continue to use your existing methodology.
But this change will encourage wards that don't follow your workflow to be more secure.
Corporate environments don't typically deal with a single application installed on a shared computer, so it's not really the same situation. Besides, even if someone gets suspicious after unauthorized entry, the confidential information has already been leaked, so knowing that it happened didn't prevent a thing.RussellHltn wrote:The hole created is very small. It would require 1) that the password assigned be known or guessed without locking them out of MLS and 2) that no one gets suspicious that the assigned password does not work (because a new password was required when the bad guy used it.) This is no different then how new accounts are handled in a corporate environment.
I can see it that way, but I don't see much of anything that guides the novice admin in that direction.Alan_Brown wrote:Actually, any ward that is not following my workflow (or something very similar) is violating current Church policy, as well as reasonable security practices.
I certainly agree that your suggestion improves security in units that have a practice of the administrator setting the password and telling it to the user. I still think that's not a good practice, but in cases where that's done, forcing a password change is a distinct improvement.RussellHltn wrote:My suggestion simply adds more tools to the toolbox. I don't see it in any way creating a bigger problem. If the MLS developers disagree, then they can redesign the screen and help file to make it clearer that the admin is to hand over the keyboard at that point.
Absolutely!RussellHltn wrote:I think we both agree that the case of the admin assigning the password and the user not changing it is a problem that probably should be addressed in some way.
Wow. I missed all the fun while I was at work today. [grin]RussellHltn wrote:So MLS doesn't require the password to be changed when it's entered by the Admin? So it's possible that the Admin knows everyone's password?
I'd like to add a suggestion for MLS: add a "force password change on next login" check box like Windows does. Make it on by default when a new password is entered by the Admin.
There is no concept of the Admin. So any reference to "the Admin" is really a reference to "any Admin."lajackson wrote:How would MLS know if the Admin changed the password, and not an Admin? I agree with the concept, but as an Admin, I would not want to have to change my password every time I changed it because I entered it as an Admin.
This is indeed how MLS works now. The proposed feature would give the Admin a way to make sure that the user would indeed change their password when they next logged in.lajackson wrote:I like the idea of creating the login while the user is there and having him type in his password. If the user is not there, I have no problem creating a login and telling him to change his password when he logs in. As Admin, I cannot tell if he does or not (unless I try his old password, which I would not keep anyway).
Your initial post really didn't tell us that you were two hours away, so we could easily assume you were going to meet the user at the computer. So now that we know that you weren't present, I'll take the bait: How did you get someone into MLS remotely when they had forgotten their password?lajackson wrote:What actually surprises me is that no one has asked how I sprung a clerk two hours away into MLS so that he could change his password.
I am losing my marbles. I missed the part about the checkbox. Makes sense now, except that I probably would never use it.Alan_Brown wrote:... what is being discussed is a new feature for MLS whereby as a User is edited, there would be an optional checkbox
Your initial post really didn't tell us that you were two hours away, so we could easily assume you were going to meet the user at the computer. So now that we know that you weren't present, I'll take the bait: How did you get someone into MLS remotely when they had forgotten their password?