When Users Forget Their Login Passwords

Question:

When users tell me they can’t remember their Spitfire password, where do I, as the System Administrator, go to look them up?

Answer:

No one, not even System Administrators, can look up a password. For security reasons, passwords are not stored anywhere. When someone forgets a password, you have the option to direct the user to the Password Recover Wizard or to do a System Admin password reset, as described below.

Notes:

  • If your site is using Active Directory, either you or your IT department needs to change the password in Active Directory. The following  options do not apply to Active Directory login passwords.
    • If you are not sure if a user is set up for Active Directory, look at the user’s Contact Details. The user Login field on the General tab will indicate Active Directory if it is so.
  • If your user is using the Sign In with Google option and is having an issue, the user should verify that other Google services (Drive, Keep, Gmail, etc.) are accessible from that browser and/or go to myaccount.google.com.

Option 1: Point out the Password Recover Wizard link

  1. Tell your user to click the Password Forgotten link on the log-in page. The Password Recovery Wizard will ask a few questions then send an email with instructions on how to set up a new password.

Option 2: Give users new passwords

  1. Go to the Contacts Dashboard and open the user’s Contact Details window.
  2. Enter a new password in the Password and Confirm Password fields. As a System Administrator, you can leave the Old Password field blank.
  3. Save. Note that Must Change Password option will automatically be checked (forcing the user to change to another password upon first login). This is in compliance with Common Criteria security standards.
  4. Tell your user the new password. Once in the system, anybody can change a personal password (as described in KBA-01190).