User Account Creation and Password Reset Processes #23

Open
Patowhiz opened this issue Mar 14, 2024 · 0 comments

Patowhiz commented Mar 14, 2024

Overview:
This proposal aims to introduce an improved process for user account creation and password management for both Cloud/Internet Users and Local Network Users of Climsoft. The goal is to enhance security, streamline user onboarding, and provide a seamless password reset experience.

Cloud/Internet Users:

  1. Account Creation Process:

    • Upon the creation of a user account by an administrator, Climsoft will generate a temporary, random password for the new user.
    • The system will then send an email to the user with a web link containing the temporary password credentials.
    • Clicking on the link will redirect the user to a Climsoft verification page, prompting them to set a new password by entering and confirming it.
    • Once the new password is set, the user will gain access to Climsoft.
  2. Password Reset Process:

    • Users forgetting their password can initiate a reset by entering their email.
    • Climsoft resets the password and sends a web link to the user's email for password credentials reset.
    • Following the link leads to a verification page where the user is prompted to set a new password.
    • After setting the new password, the user regains access to Climsoft.

Local Network Users:

  1. Account Creation Process:

    • For user accounts created by an administrator within a local network environment (where the server is not internet-exposed), the backend will generate a temporary, random password.
    • This password is then sent back to the frontend portal used by the administrator, who gets one-time access to this password.
    • The administrator can then securely pass this temporary password to the user.
  2. Password Reset Process:

    • Users requiring a password reset are prompted to enter their email on a local network interface.
    • The backend processes this request and directs the user to a verification page without sending an email. On this page, the user is prompted to enter and confirm a new password.
    • Upon setting the new password, the user is granted access to Climsoft.

Rationale:
This proposal is motivated by the need for a secure, user-friendly process for managing Climsoft access for users across different environments (Cloud/Internet vs. Local Network). The consideration of different environments ensures user onboarding and password resets are smooth, efficient and secure.

Implementation Consideration:

  • Ensure the process is secure by using strong, temporary passwords and secure email communication.
  • For local network users, provide clear instructions to administrators on how to securely communicate the temporary password to the user.
  • Implement audit trails and logs for account creation and password reset activities for security and compliance purposes.

Additional Security Measures for Cloud/Internet Environment Users:
For users accessing Climsoft in a Cloud/Internet environment, it's important to note that while these enhancements are aimed to improve security within Climsoft, users are also expected to implement broader security measures to protect against other exploits and vulnerabilities beyond Climsoft's scope. This includes using up-to-date anti-virus software, implementing strong network security protocols, and ensuring regular security training for all users.

Request for Comments:
I invite all team members' comments, suggestions, and feedback on this proposal. Your insights are valuable to refining and ensuring the effective implementation of these features.
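
One way to handle the temporary password that the account creation and reset flows above rely on, as an added example that is not part of the original issue and not Climsoft code: the secret comes from a CSPRNG, only its hash is stored, it expires, it works once, and every step is written to an audit trail without the secret. The class and method names, the in-memory storage and the 15-minute lifetime are assumptions; a plain SHA-256 is used only because the secret is a long random value rather than a user-chosen password.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60  # assumed lifetime; the proposal does not specify one


class TempCredentialStore:
    """Hypothetical in-memory stand-in for Climsoft's user storage."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> (sha256 of temporary password, expiry time)
        self.audit = []     # (timestamp, event, email); never holds the secret

    def _log(self, event, email):
        self.audit.append((self._clock(), event, email))

    def issue(self, email):
        """Create a temporary password, replacing any earlier one for the account."""
        secret = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        digest = hashlib.sha256(secret.encode()).digest()
        self._pending[email] = (digest, self._clock() + TTL_SECONDS)
        self._log("issued", email)
        # Only copy of the plaintext: it goes in the emailed link (cloud) or is
        # shown once to the administrator (local network).
        return secret

    def redeem(self, email, secret):
        """Return True once if the secret is valid and unexpired, then burn it."""
        row = self._pending.get(email)
        if row is None:
            self._log("rejected", email)
            return False
        digest, expiry = row
        if self._clock() > expiry:
            del self._pending[email]
            self._log("expired", email)
            return False
        candidate = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(digest, candidate):  # constant-time compare
            self._log("rejected", email)
            return False
        del self._pending[email]  # single use: the caller now sets the new password
        self._log("redeemed", email)
        return True
```
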
