Allowing or Forcing Password Reset

Occasionally, EFT users may want to change their passwords. You may also want them to change their password the first time they log in with the temporary password that you've assigned them. The account management page is provided (via HTTPS) for users to change their passwords without intervention from the system administrator. (You can enable the password reset page while disallowing general access to HTTP or HTTPS, but you still must provide an SSL certificate.)

If Force users to change their first-time password immediately upon first use check box is selected, users are forced to change their passwords the first time that they log in to the server.  When a new user logs in to EFT via the HTTP or HTTPS index page, EFT redirects the user to the Change Password page (e.g., https://localhost:4439/EFTClient/Account/ChangePassword.htm). After the user creates a new password, they are returned to the home page.

When a user logs in to the HTTPS index page for the first time, the user is automatically redirected to the change password page if:

Note: "Temporary password" means the administrator created a password for them and selected the check box requiring them to change the password when they log in for the first time with that password.

You can configure password reset on the Site, Settings Template, and for each user. (The Site setting Force users to change their first-time password immediately upon first use is inherited by the Settings Templates; the Settings Template setting is inherited by the users in that Settings Template.)

To configure the Site, Settings Template, or user account to allow or force password reset

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the Site, Settings Template, or user account that you want to configure.

  3. In the right pane, click the Security tab.

    Site > Security tab:

  4. Select the Allow users to reset their passwords check box.

  5. On an LDAP Site, if you want to hide the Forgot Password option in the Web Transfer Client, select the Suppress "Forgot Password" option check box, then specify whether you want it hidden for All Domains, the Internal Domain, or the External Domain. (Not available on non-LDAP Sites.)

  6. Click Apply to save the changes on EFT. Users will be prompted to change their password when they log in to the Site.

When a password is reset, EFT verifies the new password against complexity criteria and password history, if those features are enabled. Users are not allowed to proceed with their session until a password is created and accepted by the system. If the password is not accepted by the system: