Has anyone thought of or tried to customize “Password” flow for new users in vTiger CRM?
As a regular practice and as an inbuilt default feature; when a user is created in CRM, the password is either system generated or created by Admin.
During an interesting discussion with a client, we noted a few points based on experienced problems and observations
- Users created usually do not change and add their own password but remember the same in the browser, especially when their desktop or mobile instrument is not shared
- While creating a multiple users, Admin uses same password for whatever psychological reason. This is compromising the security and basic purpose of password
- System generated passwords are never remembered by the users and it is frequently or always directs users to “Forgot Password” feature. This is unproductive waste of time.
- Default option of having own password gives a user feel of privacy.
We customised the flow of creating an active user by default forced setting of password when a new user is trying to access the CRM first time. The simple flow is Create User without selecting password > Email is sent to the new created user from Admin with link to the new password>Link opens to set a new personal password>Upon setting a new password, user is redirected to login page.
In addition to the above we set a time limit of 24 hours to respond to “Set Password” link for user to measure alertness of an employee to CRM reporting system.
- Eliminating uniform & thus unsecure first password by Admin
- Default directing users to select their own password. Most people tend to set password that they can remember
- Better employee experience by the feel of privacy
- Least use of “forgot password”
- Single click to resend a new email for expired links retaining the same user details once created
More options like active user (with set password) and inactive employees (Unopened emails or expired links) filters/sorting can be developed as required.
How do you think this small change would matter and what more can be explored? Comments & suggestions are welcome!
Let us know if you needs more information on this