Resetting a User Password

Overview

Server Scout provides two methods for resetting user passwords: self-service password reset for users who can access their registered email, and admin-initiated password reset for situations where administrative intervention is required. Both methods are designed to maintain security whilst providing convenient access recovery options.

Self-Service Password Reset

The self-service method allows users to reset their own passwords without requiring administrator intervention.

Steps for Users

  1. Navigate to the login page and click the "Forgot password" link
  2. Enter your registered email address in the password reset form
  3. Check your email for a password reset message from Server Scout
  4. Click the reset link in the email to access the password reset form
  5. Enter your new password and confirm it
  6. Log in with your new credentials

Important Security Notes

  • Password reset tokens are valid for only 1 hour after generation
  • Each token can only be used once - attempting to reuse a consumed token will fail
  • If the token expires, you'll need to request a new password reset email
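
The two token properties listed above (1-hour validity and single use) can be enforced server-side as in the following sketch. This is an added example, not Server Scout's own code: the ResetTokenStore class, its method names and the in-memory dictionary are assumptions made for illustration, and it goes slightly beyond the text by keeping only a hash of each token.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # the 1-hour validity window stated above


class ResetTokenStore:
    """Hypothetical in-memory store of single-use, time-limited reset tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable clock so expiry can be exercised
        self._records = {}       # sha256(token) -> record; raw token never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a token for user_id and return it for the emailed reset link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._digest(token)] = {
            "user_id": user_id,
            "expires_at": self._clock() + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token

    def redeem(self, token):
        """Return (user_id, "ok") exactly once; otherwise (None, reason)."""
        rec = self._records.get(self._digest(token))
        if rec is None:
            return None, "unknown"
        if rec["used"]:
            return None, "already_used"   # a consumed token fails on reuse
        if self._clock() >= rec["expires_at"]:
            return None, "expired"        # user must request a new email
        rec["used"] = True                # consume before changing the password
        return rec["user_id"], "ok"
```

Because only the SHA-256 digest is stored, a leaked copy of the token table does not yield usable reset links.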

Admin-Initiated Password Reset

Administrators can reset passwords for any user account through the Server Scout interface. This method is particularly useful when users cannot access their email or are completely locked out of their accounts.

Steps for Administrators

  1. Log into Server Scout with administrative privileges
  2. Navigate to the Users section from the main menu
  3. Locate the user whose password needs resetting
  4. Click the "Reset Password" action next to the user's account
  5. Confirm the password reset when prompted

The system will automatically generate a secure temporary password and send it to the user's registered email address (provided SMTP is properly configured). The user will receive an email containing:

  • Their temporary password
  • Instructions to log in and change the password immediately
  • A reminder that the temporary password should be changed for security reasons

Post-Reset User Experience

When users log in with their temporary password, Server Scout will:

  • Display a prominent notification advising them to change their password
  • Provide easy access to the password change functionality
  • Encourage the selection of a strong, unique password

Practical Scenarios

User Locked Out of Account

When a user is completely locked out and cannot access their email:

  1. Admin initiates password reset through the Users interface
  2. Admin manually communicates the temporary password to the user through secure channels (phone, in-person, etc.)
  3. User logs in with the temporary password
  4. User immediately changes to a permanent password

User Forgot Password (Email Access Available)

For users who simply forgot their password but can access their email:

  1. User initiates self-service reset from the login page
  2. User receives reset email within minutes
  3. User completes reset process independently
  4. User logs in with their new password

SMTP Not Configured

If your Server Scout installation doesn't have SMTP configured:

  • Self-service resets will fail as emails cannot be sent
  • Admin-initiated resets require manual intervention - the administrator must communicate the temporary password through alternative secure channels
  • Consider configuring SMTP for automated email delivery to improve user experience

Best Practices

For Users

  • Act quickly when receiving password reset emails - tokens expire after 1 hour
  • Change temporary passwords immediately after admin-initiated resets
  • Use strong, unique passwords when setting new credentials
  • Don't share reset links - they're single-use and account-specific

For Administrators

  • Verify user identity before initiating password resets
  • Use secure communication channels when SMTP isn't available
  • Monitor reset activities through Server Scout's audit logs
  • Ensure SMTP is properly configured for the best user experience

Password resets are logged in Server Scout's audit trail, providing administrators with visibility into account security activities and helping maintain compliance with security policies.

Frequently Asked Questions

How do I reset my password in Server Scout if I forgot it?

Navigate to the Server Scout login page and click 'Forgot password'. Enter your registered email address, check for the reset email, click the reset link, and enter your new password. The reset token is valid for 1 hour and can only be used once.

How long are Server Scout password reset tokens valid?

Password reset tokens are valid for only 1 hour after generation. Each token can only be used once, and attempting to reuse a consumed token will fail. If the token expires, you'll need to request a new password reset email.

How does admin password reset work in Server Scout?

Administrators can reset any user's password by logging into Server Scout, navigating to the Users section, locating the user, and clicking 'Reset Password'. The system generates a secure temporary password and sends it to the user's registered email address if SMTP is configured.

What happens when an admin resets my Server Scout password?

You'll receive an email with a temporary password and instructions to log in immediately. When you log in with the temporary password, Server Scout displays a notification advising you to change your password and provides easy access to the password change functionality.

Can I reset passwords in Server Scout without SMTP configured?

Self-service password resets will fail without SMTP configuration as emails cannot be sent. Admin-initiated resets will still work, but administrators must manually communicate the temporary password through alternative secure channels like phone or in-person communication.

What should I do if a user is locked out and can't access email?

An administrator should initiate a password reset through the Users interface, then manually communicate the temporary password to the user through secure channels like phone or in-person. The user should log in with the temporary password and immediately change it to a permanent one.

Are password resets logged in Server Scout?

Yes, password resets are logged in Server Scout's audit trail. This provides administrators with visibility into account security activities and helps maintain compliance with security policies by tracking all password reset activities.
