#dominoforever | Product Ideas Portal


Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Forgotten password: Domino self-service password change using SMS password delivery

When a user requests a new password because they forgot it (either by using a Notes Client or by using a Browser), Domino should be able to automatically set a new password for a user and deliver it to the user via SMS to their mobile phone number (if defined in the Person Document).

For additional security at this unauthenticated stage, additional features should be available, such as:

  • Security questions/answers initially pre-defined by the user, or autogenerated by Domino
  • Anomaly detection by an integrated Domino Watson service (e.g. based on source IP number)
  • Re-Captcha
  • Other features definable by the Administrator

Domino should log the event in an auditable way, and inform Domino operators about the event.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jul 31 2018
  • Needs review
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 21, 2018 23:23

    In response to "SMS is inherently insecure" : What alternative communication channel would you suggest, that is less broken than email and SMS?

    And the other aspect is, if a platform provides a certain feature, organizations are free to use it, or not. But if the feature isn't there, organizations may be stuck with expensive and slow callcenter-based processes.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 29, 2018 00:04

    Most of the companies I work for, and mine, would not  be able to honor/implement/support the new password being in the e-mail, because of regulatory compliance to "protect the user",  but a temp password that works for next "hour" or so should/might get past those internal and external fear-based auditors.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 24, 2018 09:02

    SMS is inherently insecure, as multiple examples exist of SIM spoofing. With Identity theft using SIM spoofing on the rise, I would rather see this feature NOT implemented.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 02, 2018 08:45

    I would imagine that there would already be one or more business partner that have already built a self service password reset solution. So personally I would prefer if to buy / use those product so HCL developer can spent their time doing other request. IMHO, this is a Win - Win solution for everyone.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 01, 2018 07:08

    This request goes into the direction of my ticket https://domino.ideas.aha.io/ideas/DOMINO-I-93