If I enable the function to allow resending the password, this will generate a new password for the user and send it to him/her by email. This poses security issues: - anyone can request to change any user's password. All you need to know is the user name (often easy to guess). - the password is sent in the same email as the login !
We need a feature that will only send a link by email to display a password reset form.
This link should expire (and the password will remain unchanged) after a few minutes. Thus, only the recipient of the email, i.e. the account address email, will be able to change the password.
I hope you will find this demand essential in terms of security, to put on your development roadmap.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.