Jump to content

Require existing password before allowing a password change


bobstheword
 Share

Recommended Posts

Hi,

 

Currently if a user wishes to change their password through the authentication options screen in preferences they just need to enter the new password. It would be much more secure if they had to enter their existing password in a text box above where they enter their new password. This would stop situations where someone is left logged in but walks away from their computer (which shouldn't happen of course ;) ), another person comes along and changes their password and can then access the system from another computer. Best practice is to always ask for the existing password before allowing a password change. If the person changing the password doesn't know their existing password they need to talk to a security admin to reset it for them.

 

Thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...