They may have a party Sales, at least in my systems, the login is email addresses. it is harder for dictionary attracts to be effective.
Mike sent the following on 7/30/2011 7:41 AM: > There must be something more. Any organization would have generic > logins, like "sales", or it would be easy to guess employee logins > from the "about us" page. It makes sense that the password reset > should be intended ONLY for customers, not (any) system-type login. > > I would think that the password reset feature should be limited to > certain roles, like "Customer". > > On Sat, Jul 30, 2011 at 4:00 AM, BJ Freeman <[email protected]> wrote: >> for production systems do not use "admin" as a lognin. >> it is never created. >> >> Mike sent the following on 7/30/2011 12:10 AM: >>> Why is it that *any* user can, using the password reset or "Forgot >>> Your Password" can actually force "admin" to change the password? Is >>> there a way to turn this off? >>> >> >
