Welcome to i-Attend Q&A, where you can ask questions and receive answers from other members of the community.

i-Attend is a platform to manage your events, workshops and classes. It is a multi-tenant, single code-based, software-as-a-service delivered through Web browsers or mobile applications.

Track attendance, create CEU certificates, generate name badges, create evaluations, design event websites and online registration forms, and generate reports are features available in the i-Attend platform.

You can also refer to i-Attend Documentation for any of your questions.

Is there a more secure method of finding lost passwords?

0 votes
Out IT department is testing i-Attend and is concerned about how the password and email are sent in plain text to users. A lot of others companies send a link where you must change your password but you never find out what the old one was which we find is more secure. Is that an option? Second, is there a way to change the default password created when a new "user" is created through "attendee"batch upload? It seems that the default password is... well very easy to figure out.

You guys have been great! thank you!
asked Feb 19, 2016 by matthias.jenkins (210 points)

3 Answers

+1 vote
Best answer
Good morning, Matthias,

Over the weekend, the latest release of i-Attend including the changes you had suggested for "Lost Passwords" and "New Users" was deployed on all our servers.

Thank you for your suggestions, and we hope the changes help you and your team.
answered Mar 14, 2016 by Pavan (1,620 points)
selected Mar 14, 2016 by admin
0 votes
Yes, we are working on a new procedure for password retrieval. This should be included on our next release.

Regarding the default password, we are open to suggestions. Please email support and give us your ideas. We will then review and discuss - if approved, we will implement it.
answered Feb 19, 2016 by Pavan (1,620 points)
Do you know when this would take affect(release date)? I would ask how this new procedure works but I'm assuming you cannot answer that at this time. However if you can, that would determine some things for our department.
Our next release is scheduled for deployment in March. We do not have a firm date yet.

So the process is what you just described:
1. Email is sent with link
2. Link will provide opportunity to change password (8 chars; with alpha; with number; with special character)
0 votes
The most secure method of dealing with lost passwords for the typical web application is sending out a token which takes you to a webpage which can be used to reset the password on an account. This web page could ask a security question which had been stored previously depending upon the level of security your application requires. The token should be valid only for one visit and become invalid after a certain period of time. This token can be sent over any method as soon as you can verify identity in some way.
answered May 30, 2016 by anonymous
edited May 30, 2016 by admin