Mobile worker password management

We’re currently assigning unique passwords for each mobile worker account
as a best practice, and to reduce the chance of anyone accidentally logging
into the wrong mobile worker account (which was happening sometimes during
and just after training sessions).

While I understand it is not feasible for mobile workers to reset their own
password, is there a way for administrators to view current mobile worker
passwords without changing them? This would allow us to recover 'lost’
mobile worker passwords without going through the pain of manually
resetting mobile worker passwords.

For example, it would be great if the List Mobile Workers API
https://confluence.dimagi.com/display/commcarepublic/List+Mobile+Workers
could optionally include passwords in the response.

Related to this issue, is there an existing API that can be used to reset
Mobile Worker passwords? The existing User Edit (Mobile Worker)
https://confluence.dimagi.com/pages/viewpage.action?pageId=22708635 API
does not appear to support this.

Thanks, Ray

Hey Ray,

For security purposes, we don’t store any raw passwords anywhere on the
server, so I don’t think this is going to be possible. We could potentially
provide password hashes via the API, but I don’t think those are very
useful for what you’re trying to do.

I’ll offline with you about API options for resetting a password.

thanks,
Cory

··· On Wed, Sep 9, 2015 at 2:35 PM, Ray Brunsting wrote:

We’re currently assigning unique passwords for each mobile worker account
as a best practice, and to reduce the chance of anyone accidentally logging
into the wrong mobile worker account (which was happening sometimes during
and just after training sessions).

While I understand it is not feasible for mobile workers to reset their
own password, is there a way for administrators to view current mobile
worker passwords without changing them? This would allow us to recover
’lost’ mobile worker passwords without going through the pain of manually
resetting mobile worker passwords.

For example, it would be great if the List Mobile Workers API
https://confluence.dimagi.com/display/commcarepublic/List+Mobile+Workers
could optionally include passwords in the response.

Related to this issue, is there an existing API that can be used to reset
Mobile Worker passwords? The existing User Edit (Mobile Worker)
https://confluence.dimagi.com/pages/viewpage.action?pageId=22708635 API
does not appear to support this.

Thanks, Ray


You received this message because you are subscribed to the Google Groups
"commcare-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.