Change Password screen should offer clarity of minimum requirements and illegal characters
We resell access to ConnectWise Control Access to some of our customers. When we setup accounts we force the user to change their password on first login. Many times we have received questions or experienced some frustration over the process of changing password for the following reasons:
- Lack of clarity of minimum password requirements, not identified or written anywhere (or at least not obviously and clearly)
- Even with the rule of "minimum 8 characters, 1 upper, 1 lower, 1 number, 1 symbol" it is possible to get an error message stating 'invalid password'. Sometimes the password does not change, and sometimes despite the error message the password changes (but only find out after we log out and log back in). This is extremely confusing for both our client users and our NOC technicians. I have personally experienced both scenarios where a complex password I try (a) does not take effect + I receive an error message stating 'invalid password' (which password is invalid? the old password or the new one?) and (b) I receive the error message stating 'invalid password' + my account password changed to the 'invalid password' password (the new one) and the only way to test this is to log out and log back in trying the new password for which I received an error message
Additionally, we have had users encounter 'invalid password' with 2FA setup. They enter their credentials and hit login, then enter their Google Authenticator code and hit submit only to receive an 'invalid password' error.
I apologize in advance as some of what I write and present here is lacking in concrete reproducible steps.
Answer
Hey Joshua,
You can edit the web resource ChangePasswordPanel.Description to include password requirements.
Even with the rule of "minimum 8 characters, 1 upper, 1 lower, 1 number, 1 symbol" it is possible to get an error message stating 'invalid password'.
If a user is meeting the password requirements the error shouldn't appear. If that isn't the case, please reach out to our support team so they can investigate.
Sometimes the password does not change, and sometimes despite the error message the password changes (but only find out after we log out and log back in).
Again, if an error is received but the pw is accepted I'd reach out to support so this can be investigated and logged.
Customer support service by UserEcho
Hey Joshua,
You can edit the web resource ChangePasswordPanel.Description to include password requirements.
https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Appearance_page
Even with the rule of "minimum 8 characters, 1 upper, 1 lower, 1 number, 1 symbol" it is possible to get an error message stating 'invalid password'.
If a user is meeting the password requirements the error shouldn't appear. If that isn't the case, please reach out to our support team so they can investigate.
Sometimes the password does not change, and sometimes despite the error message the password changes (but only find out after we log out and log back in).
Again, if an error is received but the pw is accepted I'd reach out to support so this can be investigated and logged.
https://www.connectwise.com/services/support