In applications without a sign-up, user accounts are usually created by an admin. This imposes two challenges:
- How to transmit the password securely and
- How to make the user change the initial password immediately
There is a simple solution: create the account with a secret password, then ask the user to use the password reset with his user name.
Posted by Dominik Schöler to makandra dev (2020-03-23 13:04)