Resetting User Passwords the Easy Way(s)
Published August 16, 2024
Password Resetting
Part I of this guide covers password resetting in general. Part II provides step-by-step instructions to performing a manual password reset.
Part II is designed to be reasonably self contained. If needed, you can skip straight to the Manual Reset part of this guide, and return to Part I at your convenience.
Part I: General Considerations & Important Information
1. If you give a participant a password…
A common complaint administrators deal with is users forgetting their passwords. For the most part, the users in question are participants, for the simple reason that most users on any given site are participants.
Having a password reset is a simple process. Actually, it’s several possible simple processes. Which process (or approach) depends on the particular situation. For example, if you have the Lost Password Feature disabled, then this won’t be an ideal method (at least until you enable it!).
Unfortunately, when you add simple processes together, combine them with user errors, ignored emails, redundant requests, and so on, you get a potentially complex tangle. We don’t want that. Hence this guide.
We’ll cover topics directly and indirectly related to resetting passwords. With the exception of section 4 (Automatic Reset Options), most of Part I is about providing you with important information that will give you a better understanding of your options and when to use which approach. We’ll start with the simplest case.
2. SSO: Exceptions for the Exceptional
If your site has SSO, and particularly if it requires all users to sign in using SSO, then much of the following will not apply to you. Indeed, perhaps the only takeaway for those who require SSO for all users is that using SSO doesn’t prevent participants from emailing you about their passwords or login information. It does change the response: If they can access their accounts via SSO, then they don’t need a password or login information.
Instead, for SSO enabled sites, authentication is handled via the university, and the university manages the passwords and any security requirements for users. This makes SSO the most secure option.
We broach this topic first because we’re emphasizing simple, and a password reset that doesn’t need to happen at all is as simple as possible. This is one reason we recommend using SSO (single sign-on) when possible, as then account credentials are managed outside of the system, by your university’s login servers. This also means users do not need to keep track of separate credentials to use the system, and therefore the normal password reset tasks become moot (for more on SSO and Sona, see our SSO Integration Guide).
3. System Settings
Although we won’t be covering how the “forgot password” feature works, the feature itself is relevant. Partly, this is because administrators may not be aware that this is a setting, and can be enabled or disabled. For many administrators, though, it’s relevant here because, when participants run into problems using it, that’s when administrators can turn to the manual reset option (Part II). We’ll get to that later. For now, we just want to know how to find this setting.
From the Set Up dropdown menu, select System Settings. Then scroll down until you see Lost Password Feature:
4. Automatic Reset Options
Simply typing in a new password for a user is certainly quick and easy. It may not be the preferred method. For example, if your system doesn’t have the Lost Password Feature enabled, this method offers certain advantages. Before we look at these, let’s quickly see how it works.
Suppose a participant sends an email to the Sona administrator (you) saying they have forgotten their password. Let’s also suppose they haven’t tried the Lost Password Feature, either because it isn’t enabled on your site or they didn’t know about it. As the administrator, you can have a randomly generated password automatically sent to the user (as if they were using the Lost Password Feature).
First, go the User Management dropdown menu and select View and Edit Users. In the search bar, start entering in the participants name (start, because the system will auto-complete for you):
This will take you to that participant’s user information page. Scroll down to the section Login Information Last Sent, where you will find the buttons to send login information to this participant:
Note that you want the second button, which will reset the password for the participant. After you have this information sent, contact/reply to the participant letting them know they’ll be receiving an email on resetting their password.
Part II: Manual Reset
Just Type It
We’re going to assume you’ve read the first section (or are in a hurry and will come back to it), and are therefore ready to simply reset a user’s password.
The manual reset is simple, but it isn’t the preferred method. The preferred method would be for the participant to click on the “Forgot Password?” button on your Sona home screen. The manual reset is more of a last resort. It’s used in cases where other methods fail, such as when a participant has tried the Lost Password Feature and it hasn’t worked (at least, so far as they can tell). Instead of a lengthy and possibly fruitless troubleshooting, trial-and-fail process that is (maybe?) only resolved when the participant realizes they’ve been checking the wrong email account, we have a simple, built-in alternative. You can perform the reset by hand yourself. After all, that’s what the “manual” reset method ultimately is: using your hands.
It’s a quick process. Here, we’ll show you:
Here are the steps:
- Select View and Edit Users from the User Management dropdown menu.
- Type the user’s name into the search bar. Then you can either use the auto-complete (as in the video) or select the user from the search results:
- From the user’s information page, scroll down to the
New Password
section and type in a temporary password of your choice. - Scroll down to the
Email user with their login information?
section, and make sure the “No” option is selected: - Click the “Save Changes button, located right below the
Email user with their login information?
section - Contact the participant via your university email (not via Sona) to let them know their new login information. Be sure to tell them that, once they have successfully logged into their account, they should change their password to a new one.
That’s it! The actual password change can be done in under 20 seconds, and it takes only a little bit more time to contact the participant with the login information and instructions to change their password.
Simple. Just as we promised.