|Unknown User (harisu)|
|Unknown User (harisumadushan)|
|Tendonge Awo-Nasako Ryan|
The process for resetting password has been less than ideal. Currently, an administrator sets a temporary password or a user answers their "secret question" (a question and answer set the user previously provided). A medical record system should have a stronger approach to password security and not even an administrator should ever know a user's password (even temporarily). The current approach also puts an undue burden on administrators to reset passwords for users who have forgotten them. Some work has been done in this direction and the necessary functionality is already available in OpenMRS core.