Add the ability for a user or admin to reset a login to TeamPassword.
We had a new user forget their TeamViewer login credentials, which is when we discovered:
1) A user doesn't have the option to reset a forgotten password from the login screen.
2) An Admin doesn't have the option to reset an existing user's password.
3) If an admin removes a user from TeamPassword, and then adds them back, it just relinks to the account and old password.
When a user can't log in we need to completely remove that user's account so you can re-invite them as if they're a new user, allowing them to create a new password. You can reach out to support with the person's email to make that request.
We're working on some features now which will help alleviate this issue, but in the meantime support can help!
So then what does TeamPassword team recommend for a user who forgot their password? There should be some kind of emergency procedure where an admin can restore them somehow... This sounds odd but a user or admin can even die and if no one knows their password, whoever takes over is SOL. There should be some process for recovery in this situation.
Hey—when you share something on TeamPassword, you encrypt the account for each team member who should have access using their public key. If you have 50 employees and you share an account with everyone, 51 encrypted entries are created (1 for everyone else, 1 for you.)
When they go to decrypt that info, they use their password to decrypt their private key, then get their copy of that encrypted info. This all happens client-side, so our servers don't have any access to the private info being shared.
In the case where a user forgets their password, and therefore can't decrypt their private key, they can't access those encrypted entries, and we can't re-create them in order to facilitate a password reset.
Hope that helps clear things up!
(Edit: this is traditional private key encryption, which you can learn more about here: https://en.wikipedia.org/wiki/Public-key_cryptography. Really cool concept if you're interested in achieving asymmetrical encryption.)
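The scheme described in the reply above, as an added example that is not part of the original thread and is not TeamPassword's code. It assumes RSA-OAEP key pairs and a passphrase-encrypted PKCS#8 private key from Node's built-in `crypto` module; all function names and sample values are constructed for illustration.

```javascript
// Added example, not TeamPassword's code. RSA-OAEP and the PEM passphrase
// wrapping are assumptions; names and sample values are constructed.
const crypto = require('crypto');

// A member's private key is only ever stored encrypted under their password.
function createMember(name, password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: password },
  });
  return { name, publicKey, wrappedPrivateKey: privateKey };
}

// Sharing creates one encrypted copy per member, using that member's public key.
function shareSecret(secret, members) {
  const entries = {};
  for (const m of members) {
    entries[m.name] = crypto.publicEncrypt(m.publicKey, Buffer.from(secret, 'utf8'));
  }
  return entries;
}

// Password unlocks the private key; null on a wrong password or a copy made for another key.
function readSecret(member, password, entries) {
  try {
    const key = crypto.createPrivateKey({ key: member.wrappedPrivateKey, passphrase: password });
    return crypto.privateDecrypt(key, entries[member.name]).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const alice = createMember('alice', 'alice-master-pw');
  const bob = createMember('bob', 'bob-master-pw');
  const entries = shareSecret('db-admin:S3cret!', [alice, bob]);
  const bob2 = createMember('bob', 'bob-new-pw'); // remove + re-invite: new key pair
  const reshared = shareSecret(readSecret(alice, 'alice-master-pw', entries), [alice, bob2]);
  return {
    copies: Object.keys(entries).length,
    bobReads: readSecret(bob, 'bob-master-pw', entries),
    bobForgot: readSecret(bob, 'wrong-guess', entries),
    oldCopyNewKey: readSecret(bob2, 'bob-new-pw', entries),
    afterReshare: readSecret(bob2, 'bob-new-pw', reshared),
  };
}
console.log(demo());
```

In this model a server would hold only `publicKey`, `wrappedPrivateKey` and `entries`, so recovery depends on a member who can still decrypt re-sharing to the re-invited member's new key.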
The Digital Orchard commented
You stated that: "A user's master password is their key to decrypting passwords, so we can't swap that out without re-encrypting data for them."
But that doesn't entirely make sense. If I, as one user, add a record to TeamPassword, then my tech person logs in with his password, he has access to that record, as well. But how does he have access if my own password was used to encrypt the data?
Something isn't jibing with your explanation and team access to the stored data.
Does your system look up the "owner" of the record being accessed and use their password to decrypt that record? What if that person is removed from the system, then the key is lost as well. So I doubt that's how your system works. Please clarify.
Just a quick note here on why we don't have this yet—our servers have no knowledge of the usernames and passwords you have stored in TeamPassword, so we can't take an automated approach to resetting forgotten passwords. A user's master password is their key to decrypting passwords, so we can't swap that out without re-encrypting data for them.
You can read a bit more on the topic here:
The Digital Orchard commented
Yes, I have a team member who has forgotten his password. #stuck