Discussion created by jackrodgersjr on Aug 7, 2017
Developers should consider whether or not they might be liable for password sharing and whether or not they followed good procedure so they could never be accused of knowing someone's password.


For instance, provide a temp password for a new user and require the user to change it when logging in (a simple checkbox). To change passwords for existing accounts, use the checkbox provided by FileMaker to force the user to change their password. You will never know this new password.


What about using a script to first get the user's preferred new password and then change it via a script in multiple databases? This implies the developer is now able to know the user's new password and could pass it along to others.


Can a developer be liable for any harm if their script uses variables to change passwords to a user's preference, thus giving the developer possible knowledge of the password? Any volunteers for a test case in court?


The safest technique is to never get involved with changing the user password other than forcing the reset.

Next, if a client requires you to reset the user passwords using a script, have them sign a document accepting all responsibility and legal costs and protecting you from harm.


Summary: passwords are meant to be secret and known only to one person. The developer should have no method of knowing what the user has chosen as a password. There are plenty of methods a bad developer can employ that don't require knowing this password...