Forget password in login screen

Hello,

We have a suggestion to include a “forgot password” option in the OpenEMR login screen.
Having a mandatory email field on the users page can help us figure this out.
If any user has forgotten their password, a forgot-password link is sent to the email ID provided at the time of user creation.
OpenEMR currently provides an option only for the admin to log in and change the password for users.
In case the admin forgets their password, it is possible to change it only through the DB.

Thanks,
ViSolve

I don’t like this idea; it offers a security vulnerability: if I gain access to your email, I can gain access to OpenEMR.

My suggestion is that if a user forgets their password, they contact the admin and have them change it. I’m usually a proponent of automation, but not here; I think it introduces too big a security risk.

Understood the concern raised by Robert.
But, unfortunately, most of the digital world operates that way! From financial institutions to healthcare, they all use the registered mail address to reset the password!

Here is one such example from a leading healthcare vendor, eCW:
https://my.eclinicalworks.com/eCRM/jsp/forgotPassword.jsp

-ViSolve Services

Hi,
A good compromise would be to control this feature with a global.
-brady

The healthcare system I work at, one of the largest in the U.S., does not allow users to reset their password via an email.

Most of the world allows password reset options, yes, but given the sensitive nature of the information, our standards must be higher than essentially all other systems. Maybe financials and government could edge out our healthcare data? But that’s a maybe.

I think even a global option allows too much of a security risk.

Also, please remember this is open source software. If I wanted to hack it, the first place I would go is the source.

I still think we have to make this user-friendly and easy to use.
If security is a real concern with the “Forgotten Password” feature, we can implement 2FA.

-Sena


It’s good this issue is being brought up, because I can promise it will be at the forefront when dealing with Fed contracts. Dual auth would be a proper start.

I think security is more important than user-friendliness in this specific instance. I assume the 2FA you’re referring to would be security questions? I think that is still too weak. For 2FA to truly be effective, I think you’d need a smartcard or would have to implement client-side software to generate the codes.

If we did 2FA it’d have to be done at the highest levels of security, perhaps using this NIST guideline as a reference.

If done properly, I would be ok with a global option (disabled by default) for resetting a password using 2FA. Otherwise, I strongly think this is something we should not implement.

Hi,
If a user wishes to have this feature (perhaps in a low-resource place that does not have an IT dept), why is this not acceptable if we control this feature with a global?
-brady

Like I said, if we implement it properly and it’s an opt-in setting, I’m ok with it. I don’t think it’s a good idea for users to be able to do this, but that’s a decision the institution should make.

I’d also consider adding some sort of password strength requirement, as users tend to use weak passwords, unknowingly leaving the system open. Probably makes Robert’s point stronger.


Some current password settings in globals do exist:
http://www.open-emr.org/wiki/index.php/Administration_Globals#Require_Strong_Passwords

We could have a 2-step verification process with “forgot username” and “forgot password” links that send a link to their sign-up email and then require a code sent by text to the user’s cell phone for verification.
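As an added example, not OpenEMR code and not from any poster in this thread, here is a Python sketch of the flow the last few posts describe: a global that is disabled by default, a single-use emailed link whose token is stored only as a hash, a texted second-factor code checked in constant time with an attempt limit, and a strength check before the new password is accepted. The global names, the lifetimes, the outbox lists standing in for a mailer and SMS gateway, and the FakeClock are all assumptions made for the example.

```python
import hashlib
import hmac
import re
import secrets
import time
from dataclasses import dataclass

# Lifetimes and limits are assumptions for this example, not OpenEMR settings.
RESET_LINK_TTL = 15 * 60   # seconds the emailed link stays valid
OTP_TTL = 5 * 60           # seconds the texted code stays valid
MAX_OTP_ATTEMPTS = 3       # wrong codes tolerated before the request is burned

# Hypothetical globals, modelled on the "control it with a global" suggestion.
DEFAULT_GLOBALS = {
    "enable_forgot_password": False,  # opt-in: the feature is off unless an admin turns it on
    "require_sms_otp": True,          # second step: a code texted to the user's phone
    "require_strong_passwords": True,
}


@dataclass
class ResetRequest:
    username: str
    token_hash: str           # only the hash of the emailed token is stored server-side
    link_expires_at: float
    otp_hash: str = ""
    otp_expires_at: float = 0.0
    otp_attempts: int = 0
    used: bool = False


class FakeClock:
    """Controllable clock so expiry can be exercised without sleeping (test aid)."""
    def __init__(self, now: float = 1_000.0):
        self.now = now

    def __call__(self) -> float:
        return self.now


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def hash_password(pw: str) -> str:
    """Salted PBKDF2 so a DB leak does not expose the new password."""
    salt = secrets.token_bytes(16)
    return salt.hex() + "$" + hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000).hex()


def is_strong_password(pw: str) -> bool:
    """Assumed policy: at least 8 characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


class PasswordResetService:
    def __init__(self, users, globals_cfg=None, clock=time.time):
        self.users = users                # username -> {"email", "phone", "password_hash"}
        self.cfg = {**DEFAULT_GLOBALS, **(globals_cfg or {})}
        self.clock = clock
        self.requests: dict[str, ResetRequest] = {}
        self.outbox_email: list[tuple[str, str]] = []   # constructed stand-in for a mailer
        self.outbox_sms: list[tuple[str, str]] = []     # constructed stand-in for an SMS gateway

    def request_reset(self, username: str) -> None:
        """Step 1: email a single-use link. Returns nothing in every case so the
        caller cannot tell whether the username exists or the feature is on."""
        user = self.users.get(username)
        if not self.cfg["enable_forgot_password"] or user is None or not user.get("email"):
            return
        token = secrets.token_urlsafe(32)
        req = ResetRequest(username, _digest(token), self.clock() + RESET_LINK_TTL)
        self.requests[req.token_hash] = req
        self.outbox_email.append((user["email"], token))

    def _live_request(self, token: str):
        req = self.requests.get(_digest(token))
        if req is None or req.used or self.clock() > req.link_expires_at:
            return None
        return req

    def open_link(self, token: str) -> bool:
        """Step 2: the user follows the link; if the global requires it, text a code."""
        req = self._live_request(token)
        if req is None:
            return False
        if self.cfg["require_sms_otp"]:
            code = f"{secrets.randbelow(10**6):06d}"
            req.otp_hash = _digest(code)
            req.otp_expires_at = self.clock() + OTP_TTL
            req.otp_attempts = 0
            self.outbox_sms.append((self.users[req.username]["phone"], code))
        return True

    def complete_reset(self, token: str, new_password: str, otp: str = "") -> bool:
        """Step 3: verify link and code, enforce strength, set the password exactly once."""
        req = self._live_request(token)
        if req is None:
            return False
        if self.cfg["require_sms_otp"]:
            if not req.otp_hash or self.clock() > req.otp_expires_at:
                return False
            if not hmac.compare_digest(req.otp_hash, _digest(otp)):
                req.otp_attempts += 1
                if req.otp_attempts >= MAX_OTP_ATTEMPTS:
                    req.used = True   # burn the request after repeated wrong codes
                return False
        if self.cfg["require_strong_passwords"] and not is_strong_password(new_password):
            return False
        self.users[req.username]["password_hash"] = hash_password(new_password)
        req.used = True               # the link cannot be replayed
        return True
```

The service never returns a token or an "unknown user" error from `request_reset`; the only way the token reaches the user is through the email outbox, which keeps the login form from doubling as a username oracle. Turning `require_sms_otp` off collapses the flow to the email-only reset that Robert objected to, which is why the example keeps it on by default.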