Changes to Password Functionality

In Revive Adserver version 5.4, a number of improvements have been implemented in the way passwords are handled and managed.

This page describes these improvements, with examples and screenshots, for two sets of audiences:

  • regular end-users
  • account managers

Changes for end-users

First login after update to 5.4

If you have an existing username for a Revive Adserver system, you will be asked to update your password after you first login following the update to v5.4. Here’s how that works:

Initially, you will have to log in as usual, with your existing username and the password you’ve been using all along. As soon as you have logged in, you will see a message on the screen, informing you about the need to set a new password.

Prompt to change password after updating to v5.4

(click image to enlarge)

The system automatically sends an email to the email address that it has for your username, with some additional informaton about the password changes, and a link that needs to be clicked in order to set a new password.

Password instructing user to set a new password

(click image to enlarge)

Clicking the link in the mail opens a form that displays your username for reference, and two fields that enable you to enter and confirm your new password.

As you can see, there is a minimum length for the password you’re creating.

Form to enter a new password

(click image to enlarge)

While entering your new password, the system will also show an indicator about how strong it is.

Most password managers should be able to recognize the password field and most of them will also be able to suggest a strong and unique password for you. That will enable you to create a password that you won’t even have to remember, your password manager will do that for you.

Password strength indicator

(click image to enlarge)

Changes for account managers

New username – before

In the past, creating a new username involved entering the person’s username and password, their full name, their email address, and selecting the preferred language for the user interface. Then the “Add user” button has to be clicked.

A disadvantage of this scenario is that the end-user has no idea that their new username has been created.

Another disadvantage is that their first password has to be sent to them via email, which is inherently unsafe. Users often don’t take the time to change the password that was initially entered for them, and so their password could become exposed with breaches in email systems.

Old form for creating new usernames

(click image to enlarge)

New username – new and improved

Starting with version 5.4, creating a new username no longer requires entering a password for that user, and then sending the person an email or some other sort of message to tell them what that password is.

Simply enter the regular fields (username, full name, email address, and preferred user interface language), and then click the “Add user” button.

The software will now send an email to the user’s email address, informing them that their username has been created, and instructing them to click a link that brings them to the form where they can enter their password.

 

New form for creating new usernames

(click image to enlarge)