Jump to content

Auto generate a password while creating a new client in version 8


ramf

Recommended Posts

Hi,
In version 8.0.4 when I try to add a new client I have to add a password during the client creation process or else I get error while In version 7.10.2 I can create a new client without adding such a password.

The solution by WHMCS is:
 

Quote

you can put in any placeholder data as a password then visit the Users tab of that profile and click the down arrow to the right of the Owner user and click to send a password reset email

In my opinion this is so much more work than the process in version 7.10.2 - you made something simple to very cumbersome...

And there is a security issue here... If our agent will have to manually insert a password and then manually send a password reset email - I guess that the password will not be a strong one, and maybe even the same password for several customers, and I guess that some of the customers will not go through the change password process - so in the end we will have clients / user with a week / repetitive password and that's a huge security risk!

So in version 8 you created a cumbersome process that will also cause a security risk - This is bad....

Also please note that when adding a user to the account - we don't have to create a password, an email is sent to the user and he can use WHMCS password generator to create his password. So the only place we have to manually add a password is when we create the first user / client.

Please consider implementing one of the following solutions ASAP:

  1. This is the best option: Auto generate a strong password for each user. If the user is requesting a different password he can do it via the client area or by asking us to send him the reset password email - but the baseline will be secure password. in this way you can remove the password field from the create new client process.
  2. Same as above - but without removing the password field - so if we want to create a custom password when creating a new client / user. if we will leave this field empty the system will auto-generate a strong password for the client.
  3. Use the built-in password generator in the browser (chrome for instance ) - so when the admin will click on the password field the browser will automatically offer a strong password.
  4. Add the WHMCS generate password button to the admin side so when an admin is creating a new client he will be able to generate a strong random password as part of the client creation process (just like the one other users will have at the client side).

Any way - forcing us to manually create a password for the customer is wrong and cumbersome and really a security risk.

Can you please share your thoughts and also vote here:
https://requests.whmcs.com/topic/auto-generate-a-password-while-creating-a-new-client-in-version-8

Regards,
Ram

Link to comment
Share on other sites

  • 2 weeks later...
On 11/8/2020 at 10:43 AM, ramf said:

This is the best option: Auto generate a strong password for each user. If the user is requesting a different password he can do it via the client area or by asking us to send him the reset password email - but the baseline will be secure password. in this way you can remove the password field from the create new client process.

Thats a good option. Dont think anyone is going to bother doing that from whmcs internally tho... Maybe someone can come up with a hook.

Forums are full of issues and comments about the current way password are implemented or should i say how they have stripped it back in prep for SaaS ersion (as some have said)...

Link to comment
Share on other sites

5 hours ago, ramf said:

What is this  SaaS version?  

speculation discussed in another thread....

5 hours ago, ramf said:

Is there any plans to change the way  WHMCS is working from a self hosting software to a SaaS  hosted by WHMCS?

not in the short-term I wouldn't have thought, but who knows in the future. 🔮

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated