Thanks for the detailed explanation, Martijn. I'm glad you are considering this 
option in future releases, as no admin intervention in password reset would 
be helpful. 

dom



-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of martijn
Sent: Wednesday, January 27, 2016 11:11 AM
To: [email protected]
Subject: Re: [Djigzo users] otp portal password retrieval


On 25-01-16 15:22, Dominik Myslinski wrote:
> Is there a way for the user that created a portal password to reset or 
> remind it in case they forgot it? Otherwise it'd have to be changed 
> statically or the user deleted and re-created?

That is currently not supported. Security-wise it's better to have a person 
reset the password because with a forgot password option, there is more room 
for an attacker to intercept the password. That said, we might add this feature 
to upcoming releases.

About resetting the password, if you are using the OTP mode, the best is to 
clear the user's portal password. The next encrypted mail will then allow the 
user to set up a new password for his/her account. The previous messages can 
still be read because the "Client secret" is still the same. If you delete the 
complete user, a new "Client secret" will be created for the user. The 
passwords for the old PDF encrypted messages (with OTP mode) can then no longer 
be retrieved because they were created using a different "Client secret".

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure 
webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users
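
The difference between the two reset paths described in the reply above, as an added sketch that is not part of the original message and is not CipherMail code. It assumes the OTP-mode PDF password is an HMAC of a per-message ID keyed with the user's "Client secret"; the record layout, function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, secrets

# Assumed model, not CipherMail's actual code: each user record holds a random
# "Client secret" plus an optional portal password hash, and the password of an
# OTP-mode PDF is an HMAC of that message's ID keyed with the client secret.

def new_user(email):
    return {"email": email, "client_secret": secrets.token_bytes(32),
            "portal_password": None}

def set_portal_password(user, password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    user["portal_password"] = (salt, digest)

def clear_portal_password(user):
    # Admin reset: only the login credential goes; the client secret stays.
    user["portal_password"] = None

def pdf_password(user, message_id):
    mac = hmac.new(user["client_secret"], message_id.encode(), hashlib.sha256)
    return base64.b32encode(mac.digest()).decode().lower()[:16]

def reset_scenarios(email="user@example.com", message_id="constructed-id-0001"):
    """Return (old, after_clear, after_recreate) PDF passwords for one message."""
    users = {email: new_user(email)}
    set_portal_password(users[email], "forgotten portal password")  # constructed
    old = pdf_password(users[email], message_id)

    clear_portal_password(users[email])
    after_clear = pdf_password(users[email], message_id)

    del users[email]                  # delete the complete user ...
    users[email] = new_user(email)    # ... and re-create: new client secret
    after_recreate = pdf_password(users[email], message_id)
    return old, after_clear, after_recreate

if __name__ == "__main__":
    old, after_clear, after_recreate = reset_scenarios()
    print("clear portal password:",
          "old PDF password recoverable" if after_clear == old else "lost")
    print("delete and re-create :",
          "old PDF password recoverable" if after_recreate == old else "lost")
```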
