A. Forgotten password
Users who have forgotten their password may:
- Ask their account owner to go to their 'Users' tab, where they may edit their details and generate a new password.
An account owner may generate a new password by going into the 'Users' tab on the sidebar, selecting the user to edit, clicking the checkbox next to "Generate new password..." and saving. A new password will be generated and sent to the user's email address.
(This option is used as it is a more secure password reset method than users contacting support or having a “forgot password” button).
- Or contact support to assign a new password.
B. Changing password
Once logged in users may change their own password from the 'Users' tab (in the sidebar on the homepage), then enter a new password (twice to verify) and save.
Users will see a password strength meter as an indicator to tell them how strong the password they are entering is considered. This is only an indicator and any password change other then blank passwords will be accepted unless strong passwords are required by the account owner (see account security options).
C. Additional notes and Security
- For security reasons, whenever a password is changed, the user will be logged off on all Audit Assistant sessions they may be running (say if they are logged in on additional device). If the user changes their own password, the Audit Assistant session that they used to change their password will not be logged off but every other session will.
- When Audit Assistant detects a user is logged in from a different device they will be sent an email saying “someone has logged in from a different device". If a user receives this email and it was not them that logged in, it is recommended that they click on the link provided in the email to generate a new password. The user will be logged off all Audit Assistant sessions and their new password will be emailed to them.