Contents

Introduction

As of this release, we have abandoned the " default password " for security reasons.
This means that where we create new passwords, the system will generate a random password which a user can use to set a new one.

It also means some processes are a little different than before, because we do need to disclose these random passwords so they can be used.

The purpose of this document is as basis for the external release notes, therefor it focusses on admin, supervisors and agents.

What did not change

• If the user knows their old password, or when the user has an email address configured in setup, the password reset page on the App Portal can be used as before.
  You either use the old password and select a new one, or you can request an email with a temporary reset link.
• Password reset links are only valid for approximately 10 minutes
• Accounts for which passwords are randomly generated are disabled until the reset their password (same as before where we reset it to a default password).

Changes

Password reset generic

• All accounts (admin, agent, wallboard) now have an optional email address field.
  If filled out, the App Portal page can be used to request reset email, or information for generated passwords is sent.
• All account pages (admin, agent, wallboard) now have a 'reset password' button, before it was only for agents:
  
• If the account(s) for which the user wants to reset passwords have an email address configured, there is an option to not reset it, but only sent out a reset link.
  This is similar to the agent password reset before.
  (screenshot from Supervisor application, is similar to Setup)
  
• When resetting/creating one or more passwords, after deploy a new popup is shown with the randomly generated passwords.
  The user can then copy/paste this information for redistribution, either by selecting a piece of text, or by using the 'Copy All' button (see screenshot in next bullet)
• The user can also click a button to go to the password reset page to reset it on behalf of the user. 
  This functionality was previously only available in the Supervisor application.
  
• If the user who is resetting/creating one or more passwords has an email address configured in Setup, this information is also sent to that address.

Account creation (Agent, Admin, Wallboard)

• Agent creation now has the email address (optional) also in the popup window, and not only on the details:
  
• Admin and Wallboard accounts now have a popup that also show the optional email address so you do not have to zoom in to the details to add it:
  

Agent import

• If agents are added, they will be created with a new random password on deploy with a popup and an email if the creator has that configured - even if a password is filled out here!
  This is similar to previous behavior, but then the default password was used.
• If the import file has existing agents and password field is empty, nothing changes (same as before)
• For security reasons, we no longer allow initially sharing the same password.
  If the import file has existing agents and password field is filled out, the password is changed to this, unless that password is used more than once in the import file.
  This is show in a message, like this:
  

Admin/agent/wallboard passwords reset in Setup application

• As described in the generic section

Agent/Wallboard passwords reset in Manager application

Because this is a limited runmode, we will only allow to send out password reset links.
This means only for accounts that have an email address configured.
If you need to reset passwords by generating random ones, use Setup application, or - as supervisor - the Supervisor application.
This will be shown in a message:

Supervisor resets passwords in Supervisor client

• As described in the generic section