Highlighted

How to force password reset?

New Here ,
Jun 10, 2016

Copy link to clipboard

Copied

We are trialling Adobe Sign as a secure solution for job applicants to register their details. As such we require that their personal information is password protected. We are able to send out password protected links by invitation and confirmation email, but need the ability to force the signer to change their password on first logon, as the password we initially send them is in plain text. Does anyone know if this is possible, and also for the signer to reset their password by choice subsequently?

Thanks

Steve

Topics

Feature Request or Idea, Questions Need Help

Views

272

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

How to force password reset?

New Here ,
Jun 10, 2016

Copy link to clipboard

Copied

We are trialling Adobe Sign as a secure solution for job applicants to register their details. As such we require that their personal information is password protected. We are able to send out password protected links by invitation and confirmation email, but need the ability to force the signer to change their password on first logon, as the password we initially send them is in plain text. Does anyone know if this is possible, and also for the signer to reset their password by choice subsequently?

Thanks

Steve

Topics

Feature Request or Idea, Questions Need Help

Views

273

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
LEGEND ,
Jun 12, 2016

Copy link to clipboard

Copied

I think I am missing something. The password is to be able to open and sign the PDF. In this case it is being used for authentication purposes as well as encryption.  There is no way or need for them to change the password as the PDF is not really in the mail, but residing on a secure server.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
New Here ,
Jun 13, 2016

Copy link to clipboard

Copied

Hi Michael, thanks for your reply. The password needs to be conveyed to the signer in the first place, and the only mechanism we have to do this is by clear text in an email, which is not encrypted. Should the signer's email be compromised then all their personal information in the form is also at risk of compromise, hence the need to for them to change it at first logon.

Thanks

Steve

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
LEGEND ,
Jun 14, 2016

Copy link to clipboard

Copied

If the person's email is compromised, then baddies can intercept your emails and send them their own form to fill out. If someone's email is compromised their computer can be compromised and they can record every keystroke. As a business you cannot control the consequences of your future employees or business partners having a compromised system. If you want to minimize the issues on your end, remove the form from Adobe's servers the moment the form returns.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
New Here ,
Jun 15, 2016

Copy link to clipboard

Copied

Thank you for your reply. Yes, in theory a baddie could intercept the invitation email and use it to fill out their own form. But in this case none of the intended recipient's personal information (dob, address, bank details, disability status, etc.) would be compromised as it won't have been entered on the form. However once the form has been created then, without a change in password, a compromise of the recipient's email at any point before or after could result in a data breach. If Adobe allowed signers to change their password at first logon, not only would the window of opportunity for a hacker to create a form be greatly reduced, but the signer's personal information would NEVER be at risk as a result of the password being emailed in clear text. This is fairly basic stuff. Email is not a secure method of communication, and storing or transmitting passwords in clear text is a massive security fail without forcing a reset on first use of the system.

Regarding your suggestion to remove the moment it returns, we have already deleted a couple of test forms and both are still accessible to the signer. I have raised another ticket with Adobe to ask why.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...