Jump to content

Require existing password before allowing a password change


Recommended Posts



Currently if a user wishes to change their password through the authentication options screen in preferences they just need to enter the new password. It would be much more secure if they had to enter their existing password in a text box above where they enter their new password. This would stop situations where someone is left logged in but walks away from their computer (which shouldn't happen of course ;) ), another person comes along and changes their password and can then access the system from another computer. Best practice is to always ask for the existing password before allowing a password change. If the person changing the password doesn't know their existing password they need to talk to a security admin to reset it for them.



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...