Allow email accounts to change their own Webmail/SMTP/POP3 passwords without creating a Plesk user
We have lots of staff members who need an email address, but should not have access to Plesk in any way at all. Currently, the only way for them to choose a password, is to choose one and tell the Plesk Administrator what that password is, and have the Plesk Administrator configure their password for them. This is extremely unsecure. Something as simple as a 'send password reset link' button in the Email account configuration would work. This button would send an email to that account, and allow the email user to click on the link to change their Webmail/SMTP/POP3 password in a secure manner.
Brian
shared this idea
No Plesk user account is needed to change the password of a mailbox. Instead, the user can login into his mailbox using webmail and change his password out of his webmail access. For example use Roundcube: Login to the mailbox in Roundcube, then click "Settings" > "Password" to change the password of the mailbox. The only requirement that this works is that the "Mail password change service" is allowed in the firewall, because password changes using a mailbox require a specific port. The port is open by default.
-- PD
-
Michel
commented
We use IMAP as an authenticator for Wordpress, Owncloud and other. It works greate bu Our Guests need a way to change their forgotten Password.
Please Provide a single Website with no other Option then to do the forgotten Password thing or the change Password.this Vote seems to be the same subject:
https://plesk.uservoice.com/forums/184549-/suggestions/14903595- -
Brian
commented
I talked to Customer Support about this issue, and they said that was not possible. I go to the webmail account, click on Preferences, and click on Password, and the window is empty and a notification says 'There are no preferences available for this application.' -- i.e. you cannot change your password via webmail. If you know how to do it otherwise, please send a screenshot.
-
Brian
commented
This button would be located in the configuration for the specific email account. This button would send an email to that email account and would allow the email user to click on the link to change their Webmail/SMTP/POP3 password in a secure manner.
I can't believe this kind of feature doesn't exist, as the other options are extremely anti-security.
Currently, the only way to allow email accounts to change their password is to create a Plesk user, and allow them to change ANYONE's password. This is extremely unsecure.
A more secure method (but still very anti-security) is to not create a Plesk user for them and tell the Plesk Administrator what their desired password is, and have the Plesk Administrator configure their password for them. The Plesk Administrator then knows everyone's email password - this is not secure either.