Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Primary Mentor

Backup Mentor

TBDBurke Mamlin
Assigned toTBDHarisu Fanyui

Background

User accounts in the OpenMRS Platform are secured with password hashes and salt; however, because OpenMRS did not historically include the ability to send email, the process for resetting password has been less than ideal. Currently, an administrator sets a temporary password or a user answers their "secret question" (a question and answer set the user previously provided). A medical record system should have a stronger approach to password security and not even an administrator should ever know a user's password (even temporarily). The current approach also puts an undue burden on administrators to reset passwords for users who have forgotten them.

...