Primary Mentor | |
Backup Mentor | |
Assigned to |
Update as of Feb 2021:
This was done as a GSoC project. What was not done is adding user interface pages for the configuration of this.
Background
User accounts in the OpenMRS Platform are secured with password hashes and salt; however, because OpenMRS did not historically include the ability to send email, the process for resetting password has been less than ideal. Currently, an administrator sets a temporary password or a user answers their "secret question" (a question and answer set the user previously provided). A medical record system should have a stronger approach to password security and not even an administrator should ever know a user's password (even temporarily). The current approach also puts an undue burden on administrators to reset passwords for users who have forgotten them.
...