Adaxes

Browser behaviour in "Change Password" ADSelfService

0 votes

In https://adselfservice.\*\*\*\*\*\*\*/HomeAction.aspx?id=a269d548-4ea2-4f88-****-********
We get different behaviour from Internet Explorer 11 vs other browsers with regard to password masking.
In IE8 and Chrome the passwords are masked by default.
In IE11 the passwords are not masked by default.
Is there an Adaxes configuration that will ensure the passwords are masked by default regardless of browser?

by (520 points)
0

Hello,

That's strange. We've re-checked this in our environment, and passwords are masked by default in IE11. Are there any settings that would enable automatic password generation, for example, with the help of a Property Pattern? Could you also post here a screenshot of the page?

by (216k points)
0

I did some retesting and it is actually IE8 that has the different behaviour. IE11 and Chrome are the same.
To clarify, the difference occurs when the user selects the "Generate" button.
With IE8 the new password fields are masked and a separate popup box displays the password in plain text. Clicking on the screen anywhere will quickly hide the plain text.
With the other browsers the the new password fields display plain text.
I suspect this is by design, but my security folks are complaining that the passwords are displayed in plain text.
Security would prefer the password are masked by default.

(IE11 behaviour)

(IE8 behaviour)

by (520 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Actually, we did that for purpose, because the new password is generated by Adaxes automatically. How would users know their new password if it is masked? Of course, they can click on the eye button to view the password in the hint, like in IE8, but what's the difference if they need to view the generated password anyway?

As for the difference between IE8 and other web browsers, IE8 has been developed quite a while ago, and sometimes it is impossible to achieve the same behavior as with newer browsers.

0

So this is not configurable?
Is there an Adaxes configuration that will ensure the passwords are masked by default regardless of browser?

by (520 points)
0

Sorry, missed that one.

No, this is not configurable.

by (216k points)

Related questions

0 votes
1 answer
[SOLVED] Odd behaviour with password reset from logon screen

Hello! We are using the current version of Adaxes and are in the process of making the password self-service available to our users. We have installed the self-service client ... are doing wrong? Thanks Erik [EDIT]: Corrected image links. Sorry about that...

asked Jun 6, 2014 by eventit (160 points)
0 votes
1 answer
How to restrict users from resetting their password but only provide ability to change their password in self-service

Would like to know if we can remove the forget password link on Self-service login page or remove the ability for users to reset their password. We only want users to ... be able to change their password but not reset their password if they have forgotten it.

asked Mar 29, 2023 by Vish539 (460 points)
0 votes
1 answer
Users using Forget password link in self service portal are prompted to change password again

We have implentend Adaxes in our infrastructure and users who use forget their password link via Adaxes self service portal by going thorugh the registered Q&A are being prompted to ... by a specific business rule, I am unable to check this via the log

asked Mar 14, 2023 by Vish539 (460 points)
0 votes
1 answer
Password Change workflow that excludes certain words that users cannot use in a password

Does Adaxes all one to setup/configure a custom dictionary with chosen words that will prevent passwords beign set with these words? Example: Many people use "Welcome", "Password", ... set, even from an Admin side when the first password is set for an Account

asked May 10, 2022 by dtorannini (80 points)
0 votes
1 answer
Is there a way to force users to change their password, but still allow them to log in to Self-Service to change it?

I know I can set the "User must change password at next logon" flag, but noticed when I do that, they can no longer log in to Self-Service.

asked Oct 1, 2020 by RickWaukCo (320 points)
3,549 questions
3,240 answers
8,232 comments
547,814 users