Passwords and upgrading from Gold to AC9

Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Error

Passwords and upgrading from Gold to AC9

Options

Previous Topic Next Topic

judy at Web2Market		#1 Posted : Thursday, March 21, 2024 7:46:57 AM(UTC)
Rank: Advanced Member Groups: Developers Joined: 11/7/2018(UTC) Posts: 303 Thanks: 21 times Was thanked: 5 time(s) in 5 post(s)		I know that customers will need to reset their passwords after the site is upgraded, but will they be able log in with the old password the first time and then be prompted to reset or will they have to request a lost password email? We have a client who is upset about it, partly because of issues with lost passwords emails going to spam, not being delivered, etc.


User Profile View All Posts by User View Thanks


	Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

Katie S		#2 Posted : Thursday, March 21, 2024 3:51:07 PM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 472 Thanks: 4 times Was thanked: 34 time(s) in 33 post(s)		Hi Judy, They will be able to login with the old password and prompted to reset.
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

charles25686713		#3 Posted : Tuesday, March 26, 2024 3:46:51 PM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 7/1/2022(UTC) Posts: 71 Thanks: 5 times Was thanked: 1 time(s) in 1 post(s)		Originally Posted by: judy at Web2Market I know that customers will need to reset their passwords after the site is upgraded, but will they be able log in with the old password the first time and then be prompted to reset or will they have to request a lost password email? We have a client who is upset about it, partly because of issues with lost passwords emails going to spam, not being delivered, etc. You don't have to force a password reset across the board. With the right SQL, you can undo the password reset flag on all users post upgrade. That's what I did. Forcing all out users to change password was a definitive NO GO for us.


User Profile View All Posts by User View Thanks

judy at Web2Market		#4 Posted : Wednesday, March 27, 2024 7:54:43 AM(UTC)
Rank: Advanced Member Groups: Developers Joined: 11/7/2018(UTC) Posts: 303 Thanks: 21 times Was thanked: 5 time(s) in 5 post(s)		I thought about that, but hesitated since there seemed to be a security reason for the change.


User Profile View All Posts by User View Thanks

charles25686713		#5 Posted : Wednesday, March 27, 2024 9:01:42 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 7/1/2022(UTC) Posts: 71 Thanks: 5 times Was thanked: 1 time(s) in 1 post(s)		Originally Posted by: judy at Web2Market I thought about that, but hesitated since there seemed to be a security reason for the change. Indeed. They switched from one hashing algorithm to another. However, I disagree with their approach. They could have done it in a much more user friendly manner. When a user logs in with an account that has the password stored in the old hash, they simply rehash it in the new hash and store it. Forcing everyone to change it does not increase security one iota over the above more user friendly approach. Obviously, it's your, or your customer's, choice. For my company, it was completely unfathomable and unreasonable to force everyone to change their password.


User Profile View All Posts by User View Thanks

Katie S		#6 Posted : Wednesday, March 27, 2024 2:06:40 PM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 472 Thanks: 4 times Was thanked: 34 time(s) in 33 post(s)		Quote: However, I disagree with their approach. They could have done it in a much more user friendly manner. Quote: For my company, it was completely unfathomable and unreasonable to force everyone to change their password. I'm very sorry that our approach to updating the password after upgrade upset you, and perhaps others. As far as I know, this is the first complaint since we implemented the change. One of the lead developers made the suggestion and we went with it because it was relatively simple to implement. We had to make the change for PCI compliance. However, the approach to upgrading a customer's password may have not been the best. Thank you for your feedback.
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest (2)

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.244 seconds.

Important Information: The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close