HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status No Plans to Implement
Workspace Domino
Categories Administration
Created by Guest
Created on Jul 31, 2018

Forgotten password: Domino self-service password change using SMS password delivery

When a user requests a new password because they forgot it (either by using a Notes Client or by using a Browser), Domino should be able to automatically set a new password for a user and deliver it to the user via SMS to their mobile phone number (if defined in the Person Document).

For additional security at this unauthenticated stage, additional features should be available, such as:

  • Security questions/answers initially pre-defined by the user, or autogenerated by Domino
  • Anomaly detection by an integrated Domino Watson service (e.g. based on source IP number)
  • reCAPTCHA
  • Other features definable by the Administrator

Domino should log the event in an auditable way, and inform Domino operators about the event.

  • Guest
    Jun 7, 2021

    @Thomas Hampel: I disagree.

    The one-time password could be configured in a way that it does not work unless a security question is answered correctly (basically a 2nd factor). In addition, the OTP can be configured to expire after a short amount of time.

  • Admin
    Thomas Hampel
    Jun 6, 2021

    Delivering passwords via SMS means that they would be sent in clear text, so we need to reject this idea because this is insecure.

  • Guest
    Oct 21, 2018

    In response to "SMS is inherently insecure": What alternative communication channel would you suggest that is less broken than email and SMS?

    And the other aspect is, if a platform provides a certain feature, organizations are free to use it, or not. But if the feature isn't there, organizations may be stuck with expensive and slow call-center-based processes.

  • Guest
    Aug 29, 2018

    Most of the companies I work for, and mine, would not be able to honor/implement/support the new password being in the e-mail, because of regulatory compliance to "protect the user", but a temp password that works for the next "hour" or so should/might get past those internal and external fear-based auditors.

  • Guest
    Aug 24, 2018

    SMS is inherently insecure, as multiple examples exist of SIM spoofing. With identity theft using SIM spoofing on the rise, I would rather see this feature NOT implemented.

  • Guest
    Aug 2, 2018

    I would imagine that there would already be one or more business partners that have already built a self-service password reset solution. So personally I would prefer to buy/use those products so HCL developers can spend their time on other requests. IMHO, this is a win-win solution for everyone.

  • Guest
    Aug 1, 2018

    This request goes in the direction of my ticket https://domino.ideas.aha.io/ideas/DOMINO-I-93
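
The mitigations raised in this thread (a one-time code that expires quickly, is useless without the security answer, and leaves an audit trail) sketched as an added Python example. This is not Domino or HCL code; `ResetService`, the 10-minute lifetime and the 3-attempt limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL_SECONDS = 600   # assumption: code is valid for 10 minutes
MAX_ATTEMPTS = 3         # assumption: request is locked after 3 failed tries

def _digest(value: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so neither the code nor the answer is stored in clear text
    return hashlib.pbkdf2_hmac("sha256", value.strip().lower().encode(), salt, 100_000)

class ResetService:
    """In-memory stand-in for the directory (hypothetical, not a Domino API)."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.answers = {}   # user -> (salt, digest of security answer)
        self.pending = {}   # user -> state of the open reset request
        self.audit = []     # (timestamp, user, event) for operators/auditors

    def _log(self, user, event):
        self.audit.append((self.clock(), user, event))

    def enroll(self, user, answer):
        salt = secrets.token_bytes(16)
        self.answers[user] = (salt, _digest(answer, salt))

    def issue(self, user):
        """Create the one-time code; the return value is what SMS would carry."""
        code = f"{secrets.randbelow(10**8):08d}"
        salt = secrets.token_bytes(16)
        self.pending[user] = {"salt": salt, "hash": _digest(code, salt),
                              "expires": self.clock() + CODE_TTL_SECONDS, "tries": 0}
        self._log(user, "reset_code_issued")
        return code

    def redeem(self, user, code, answer):
        req, enrolled = self.pending.get(user), self.answers.get(user)
        if req is None or enrolled is None:
            self._log(user, "reset_rejected_no_request")
            return False
        if self.clock() > req["expires"] or req["tries"] >= MAX_ATTEMPTS:
            del self.pending[user]
            self._log(user, "reset_rejected_expired_or_locked")
            return False
        req["tries"] += 1
        code_ok = hmac.compare_digest(_digest(code, req["salt"]), req["hash"])
        answer_ok = hmac.compare_digest(_digest(answer, enrolled[0]), enrolled[1])
        if not (code_ok and answer_ok):   # the SMS code alone is never sufficient
            self._log(user, "reset_rejected_bad_factor")
            return False
        del self.pending[user]            # single use: a replayed code finds no request
        self._log(user, "reset_accepted")
        return True
```
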