Hi Doreen,

 

In version 15.x, the ability for a System Administrator to view a user's password has been removed. It has been replaced with the ability to create a temporary password to access the account. Please see this thread for more information: http://portal.smartertools.com/community/a87728/show-password-in-15_x.aspx

 

Thank you,

It sucks !

As per the release notes, it's a setting in the mailConfig.xml file. By default, the Show Password option is disabled (set to False), but you can simply edit the XML and change the field to True to have it displayed again. You'll want to edit the <allowViewingOfPasswords></allowViewingOfPasswords> row to activate the option. (Stop the SmarterMail service before editing system files.)

In case you upgrade but don't see the <allowViewingOfPasswords> field in the mailConfig.xml, close the file and log in to SmarterMail as a System Admin. Go to any Settings page in SmarterMail and simply save the page. This will write out a new mailConfig.xml file that will include the new field. 

 

Thanks,

I was okay with the Password Recovery options and not being able to view Passwords at all, but I was working under the assumption that was because Passwords in v15 were Salted & Hashed in accordance with Industry Standards and were not reversible.

 

Obfuscation through Obscurity is not really Security. As long as they could be recovered through third-party Apps using the API means it didn't really matter that they were hidden from System Admins or Domain Admins, as they were still recoverable in some form, and not really in compliance.

 

So, I for one, am at the same place I was before and after the change. I know that many people are happy about being able to set their Smartermail installation to allow Passwords to be revealed, but I would much rather have it to where Passwords couldn't be revealed by either Smartermail or through a third-party App using the API, where they were properly Salted & Hashed, and truly secure.

HIPAA doesn't apply to most people.