Password reset automation


hobbes
07-13-2008, 04:32 PM
Any chance of automating the CNC password reset process? It's incredibly frustrating to have a site locked out for up to 24 hours, both for the reseller and client. Thx.

Bob
07-14-2008, 12:03 PM
Currently it would not be possible for this to be linked to complete a password update automatically.

There are also times when a lost password request may be submitted and we would not want the change to be completed due to other security related reasons.

I reviewed all lost password requests for June and July 2008 and, with one exception, all were completed in under an hour, with the majority done within 10 minutes or less.

-Bob

hobbes
07-14-2008, 01:09 PM
Bob - I'm not questioning FQ's efficiency in resetting passwords. As a reseller however, it's difficult for me to have to tell a client that it could take up to 24 hours for them to gain access to their account (as I have no idea how long it will really take FQ to respond).

Bob
07-14-2008, 03:28 PM
If you have a lost password situation and it is pressing then you can always send an email to the Service Desk alerting us to the submission. We always do try and complete password resets as soon as possible; however, we all have multiple tasks :confuz: and a heads up can sometimes speed up the process.

Automating this process is not something we have plans to do. As I noted, there are times when an automatic password reset would not be something we want done automatically and without requiring review.

-Bob

Matt
07-14-2008, 11:08 PM
I want to chime in from a reseller perspective. I'm not sure what goes into a password reset on the back-end (I was completely unaware it is not an automated process), but if a client resets his/her password and subsequently loses it, I (the reseller) cannot provide it to the client (nor can I access the account to reset the password). If the client has not lost his/her password and requests some assistance, I look silly not being able to access the account. It would be nice if this scenario was given some further thought.

Thanks,
Matt

Bob
07-15-2008, 02:21 PM
Hi again Matt,

It is automated if done from the CNC Password Manager; however, lost passwords are not handled automatically.

They are not automated for a couple of reasons, both security related.

Currently there are no hooks in place for a single interface to update a password across all servers and putting one into place would be daunting at best from both a security perspective as well as time...

The second, and one we run into all the time, are situations where an account has had the password changed by us for security reasons and access cannot be provided until the site owner acknowledges the issue and that the new password be sufficiently secure and different than the previous password.

The second reason is why we have never considered automating this process and, as I mentioned, a site owner is always free to send a heads up to the Service Desk after confirming a lost password reset request and we will do everything we can to expedite the change.

-Bob

Matt
07-15-2008, 10:29 PM
Hrm. I am not so concerned about the delay... more about how to handle the situation where a client makes the request directly inside the CNC (i.e. FutureQuest changes password so reseller no longer has access to account). It would be nice if such requests were sent (perhaps BCC'd) to the reseller. That shouldn't be too hard to implement and wouldn't require making any fundamental changes (just including the reseller in the exchange).

-Matt

hobbes
07-16-2008, 09:12 AM
A copy of a password change request wouldn't do much for me. As a reseller I should have access to every resold CNC, at least as long as FQ requires that resellers provide support to resold accounts ...

Bob
07-16-2008, 09:54 AM
When someone updates their password via the CNC no notification is sent to anyone; it is simply automatically updated.

Sending passwords via email is done once, when a package is first activated, and as a matter of security policy they are never sent again by email; this even includes when a package is up or downgraded.

-Bob

Matt
07-16-2008, 02:07 PM
What about adding this info to QuestAdmin... that's a feature request. Can't help a client if we can't access their account.

-Matt

manfred
07-16-2008, 05:16 PM
A "set a new password"-field in the QuestAdmin would really be a very nice and useful feature ;)

Bob
07-16-2008, 05:41 PM
Again, that would require hooks that are not in place and, more importantly, defeat the reason why we have not automated this process, security...

We have taken steps to ensure that almost all lost password resets will be done quicker than ever by tweaking our notification methods for these requests.

-Bob