Kyle Gordon
shared this idea
2 years ago
32
Votes
Login to Vote
Sometimes email is an issue and I have clients unable to recieve the password reset. They call and request I reset it on my end for them so they can login. They seem baffled when I tell them I am not only unable to see the current password (which is to be expected) but that I also can not change it manually.
In this scenario there is a catch 22 issues: Clients domain expired so their email and site go down. They try logging in to renew but can't remember the password (super common). They do the password reset but their email doesn't work. They call me for help getting into their account but I have no ability to do so.
The same goes for people who no longer have the original email used or the email used was an ex-employee. There are just too many issues that come up and we need more control to help resolve them.
In this scenario there is a catch 22 issues: Clients domain expired so their email and site go down. They try logging in to renew but can't remember the password (super common). They do the password reset but their email doesn't work. They call me for help getting into their account but I have no ability to do so.
The same goes for people who no longer have the original email used or the email used was an ex-employee. There are just too many issues that come up and we need more control to help resolve them.
1 Comment
Login to post a comment.
Admins can send password resets via the "Users" tab. Please review this guide for step-by-step: https://help.whmcs.com/m/v80/l/1301340-where-is-the-reset-send-password-option
If a user no-longer has access to their email or is experiencing delivery problems, then staff would assist them in changing the email address to one which is functional, and send the password reset there instead.
In v8.0 and above we introduced a significant update to the authentication and authorization system for accounts and users in WHMCS. Client Accounts no longer have passwords, authentication is now done via Users.
v8.0 and above intentionally does not expose or permit direct manipulations of User passwords via the UI or in emails. Instead an email-based invitation and reset process is used in line with current best-design and security practices. This paradigm is common to many modern SaaS systems.