
How to log password use in "Login Failure"
New Post
5/16/2012 10:15 AM
 

Hi, I was wondering if it is possible to log the password a user used to log in to the portal when the login failed. The reason behind this is that I have a customer claiming that they tried to log in to the portal with the right password and that the portal did not let him in. I see some login failure events in the logs but I do not know what password they were using to confirm if they in fact were using the right password or maybe they had a typo or something.

If it is possible, could someone point me in the right direction on how to do this please?

Thanks!

 
New Post
5/16/2012 12:42 PM
 

Hello,

I don't know a way of logging the passwords used, but, in general, I would recommend against doing that anyway. Logging passwords is a very easy way to create enormous security problems... You should never want a readable list of your users' passwords - it's just a liability. Related to this, in my DNN sites, I immediately switch from encrypted passwords to hashed passwords so that they can't be recovered.

If somebody is having trouble logging in, I would just reset their password to a temporary one and then have them change it next time they log in. FYI: DNN does not force a password change for the user after they log in with a temporary password. I submitted an enhancement request on this a while back and I think it's slated to be implemented in 6.2.1.

http://support.dotnetnuke.com/issue/ViewIssue.aspx?id=16967&PROJID=2

Hope this helps,

Mike

 
New Post
5/16/2012 3:29 PM
 

Thanks, I agree with you completely, and I find your solution to be the right thing to do. But my customer wants to understand why the password that they got on the portal registration didn't work if they were typing it correctly. I am almost sure that they didn't type the right password but it's my word against theirs, unless DNN has some major bug that it sends a wrong password when a new user is created...

I'll keep searching to see if I find a way to log the password used in the failed login attempt, I would only need to do this until I can solve this mystery and then not log it anymore.

 
New Post
5/17/2012 10:44 AM
 
Security issues for sure...but I think you could do this with a custom login module. The DNN Event log has an API and you could pass through not only the failure...but stick the entered password in the description.

Also, I highly recommend NOT sending passwords in the registration emails (you can remove these by updating the resource files in languages).

I also recommend using this free password reset module from Iowa Computer Gurus (Mitchel Sellers) http://www.iowacomputergurus.com/free-products/dotnetnuke-modules/secure-password-recovery since it never sends the password in plain text but securely allows the user to reset a new password instead.

We implemented this and cut our support requests for password resets dramatically. Now our biggest failed login issue is forgotten usernames.




Steven Webster
Manager, Community Platform
F5 Networks, DevCentral
 
New Post
5/17/2012 12:10 PM
 
I tried using this module from Mitchel Sellers but for some reason every time I try to use it, I get a message saying "A critical error has occured. An unexpected error has occured". Before implementing this module I disabled the enablePasswordRetrieval and enablePasswordReset in the web.config. Is this the issue?
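
The membership settings this thread refers to (the switch from encrypted to hashed passwords in Mike's reply, and the enablePasswordRetrieval / enablePasswordReset attributes in the last post), shown as an added example that is not part of any post or of DNN's shipped configuration. The provider name, connection string name, application name and numeric values are assumptions for illustration; the attributes themselves belong to ASP.NET's SqlMembershipProvider.

```xml
<!-- Added example: membership section of web.config. Names and values are
     illustrative assumptions, not taken from any poster's site. -->
<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <clear />

      <!-- Recoverable setup (shown commented out for comparison):
           passwords are stored reversibly, so anyone holding the machineKey
           and the database can read them, and the site can e-mail them.

      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="SiteSqlServer"
           applicationName="DotNetNuke"
           passwordFormat="Encrypted"
           enablePasswordRetrieval="true"
           enablePasswordReset="true" />
      -->

      <!-- Hashed setup: passwords cannot be recovered, only reset.
           enablePasswordRetrieval must be "false" with Hashed; the provider
           refuses to initialize if retrieval is enabled for hashed passwords.
           enablePasswordReset stays "true": the provider's ResetPassword call
           throws NotSupportedException when it is "false". -->
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="SiteSqlServer"
           applicationName="DotNetNuke"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           minRequiredPasswordLength="7"
           maxInvalidPasswordAttempts="5"
           passwordAttemptWindow="10" />
    </providers>
  </membership>
</system.web>
```

Changing passwordFormat applies to passwords set after the change; accounts already stored keep the format recorded with them until the password is changed or reset.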
 