Generated Passwords Sometimes Invalid

Ben Bricker asked on August 17, 2016 18:23

I have a client who has been getting a few different requests that the temporary passwords that are being sent to the users are invalid. The user accounts are being auto-generated when the user checks out as a guest, or if they click the forgot password link.

The passwords that are generated are generally pretty complicated, so that may have something to do with some of the requests, however, I did give one of the user passwords a try and it definitely isn't working. Resetting it through the admin interface allows the user to login, but we'd like to avoid having to manually go in and change the password.

Has anyone else experienced this issue? Or is there a way to change the format of the auto-generated passwords?

Recent Answers

Rui Wang answered on August 17, 2016 19:31

Hi Ben

If the auto generated password is too complicated, you could set it to be plain text, then enforce the rule to reset password on the first login. You can set the format of the new password.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on August 18, 2016 04:36

Are there any errors in the event log in Kentico related to the failed requests? How are these forgotten passwords generated or sent? In v7 I had issues with using the forgot password and reset password from the front site where ViewState was causing issues and the request and hash were invalidated when trying to reset it. This environment was setup in a webfarm with persistent sessions so I simply blamed it on that but not sure if the end result was that or not as we upgraded to v8.2 which seems to have resolved it.

0 votesVote for this answer Mark as a Correct answer

Ben Bricker answered on August 18, 2016 17:25

Hi Ben

If the auto generated password is too complicated, you could set it to be plain text, then enforce the rule to reset password on the first login. You can set the format of the new password.

I set the password format to plain text and set the password policy to be forced, but still no luck. The generated passwords are still complicated.

Are there any errors in the event log in Kentico related to the failed requests? How are these forgotten passwords generated or sent? In v7 I had issues with using the forgot password and reset password from the front site where ViewState was causing issues and the request and hash were invalidated when trying to reset it. This environment was setup in a webfarm with persistent sessions so I simply blamed it on that but not sure if the end result was that or not as we upgraded to v8.2 which seems to have resolved it.

The event log just displays Authentication Failed, but no error code with it. They are being generated and sent with the forgot password portion of the login web part. I'll see if the ViewState is causing the issue on this site as well.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.