Password lockout - can't manually unlock an employee
Problem reported by Jess Coburn - August 5, 2015 at 7:26 AM
Resolved
It's a problem that this is hard-coded into Smartertrack and that there doesn't appear to be a way to change this or to manually unlock a user.
 
I'm told this is likely a 10 minute lockout, we're waiting it out now to see, but this is 10 minutes that an employee can get no work done.
 
There doesn't appear to be any way from the employee screen to unlock them manually.
 

7 Replies

Reply to Thread
0
Employee Replied
Employee Post
Hello Jess, 
The password lockout is kept in a way that would make it... difficult to make as a setting due to the way its uniquely tied to them... (I don't want to risk security by mentioning how). ANYWAYS the security can be disabled in Settings -> Security -> Enable Brute Force Detection. I think you should be able to turn this off and the agent will again be able to log in.
0
Ben Santiardo Replied
My apologies, I made an incorrect assumption, I deleted my comment and code to prevent any confusion.
____________________________________
Ben Santiardo, Programmer Analyst
Eastern Suffolk BOCES
0
Brian Ellwood Replied
"The password lockout is kept in a way that would make it... difficult to make as a setting due to the way its uniquely tied to them"
 
This doesn't really make sense? All other IDS blocks show up and allow us to manage them, how would displaying user lockouts be any different?
 
If we can't do them "per-user" at least give us the ability to "flush all"
 
1
User Replied
A flush all is a good idea, I can put it under a feature request to be considered. Until then, there is a way to round about flush all. Just turn off the 'Enable Brute Force Detection' feature and turn it back on 10 minutes later. :)
0
Matt Petty Replied
Employee Post
I needs to make a flushing sound when you do it though...
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Brian Ellwood Replied
This really isn't a solution... You are compromising the security of the server and creating the need for manual re-activating to overcome a limitation of the software...

Yes "it works" but it's hardly a solution :/
0
Vincent Sammons Replied
we all need to consider security vs usability. As an administrator it is far easier to help an end user if the administrator had the ability to unlock an account on demand. I would suggest creating a parameter in the Config file that would allow us to setup the administration (risk) based on our preferences. 

Vincent Sammons

Reply to Thread