Rocket.chat December Update Removed the Password Field?



  • So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Anyone else seen this? Or even more importantly, anyone found a work around that doesn't involve manually interfacing with SQL commands?



  • Bad move by them as alot of people are using tools like Slack instead of email (especially internally).



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?



  • @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere



  • @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    the amount of people unwilling/unable/whatever you want to call it continues to astound me! people click that remember password, then completely space that they even have one. it's likely the single most insecure thing a vendor can do to their product. of course now scott will argue that it's clearly not - if the user sets a really strong password, and types it in once and the software remembers it -that's better than the user typing in a crappy password 20 times a day.



  • @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.



  • @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    if the user sets a really strong password, and types it in once and the software remembers it -that's better than the user typing in a crappy password 20 times a day.

    And that's something we as a vendor do. Use strong passwords that we don't store. Users REALLY don't understand tough passwords, or how to generate them, or how to copy/paste them, etc. So having us make a 20 char fully random password that is stored nowhere so that one chat client can log in automatically is really pretty decent.



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.

    Do you bill separately for something like this as in count it towards hourly rate?



  • @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.

    Do you bill separately for something like this as in count it towards hourly rate?

    All our time is billed. They are having us work, so we get paid. Just like any hourly employee would.



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    if the user sets a really strong password, and types it in once and the software remembers it -that's better than the user typing in a crappy password 20 times a day.
    So having us make a 20 char fully random password that is stored nowhere so that one chat client can log in automatically is really pretty decent.

    Forcing a 10 character password is pretty secure and not uncommon for users. Some sites require 12-15 characters, sure they can be simple but requiring special characters and numbers obviously helps.



  • That's why we are happy to do all kinds of labour items. We have a customer that has us log in to a manager's email and go message by message deleting what they don't need. We get paid by the hour and charge enough that we like getting work (that's the idea with all work, right?) so just because the work is boring and repetitive, that's an awesome job for someone that otherwise wouldn't have a job. It's great for the customer, great for us. It's not IT, but it's just general business labour. Just "general literate work".



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    That's why we are happy to do all kinds of labour items. We have a customer that has us log in to a manager's email and go message by message deleting what they don't need. We get paid by the hour and charge enough that we like getting work (that's the idea with all work, right?) so just because the work is boring and repetitive, that's an awesome job for someone that otherwise wouldn't have a job. It's great for the customer, great for us. It's not IT, but it's just general business labour. Just "general literate work".

    Thats actually a neat concept. Providing low level support that is probably much more affordable than paying a SME unless they need a SME for a specific task.



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.

    Do you bill separately for something like this as in count it towards hourly rate?

    All our time is billed. They are having us work, so we get paid. Just like any hourly employee would.

    You bet your ass he's getting paid - so many doctors offices want exactly this. it's just insane!



  • @IRJ said in Rocket.chat December Update Removed the Password Field?:

    Thats actually a neat concept. Providing low level support that is probably much more affordable than paying a SME unless they need a SME for a specific task.

    Yeah. What's really funny, though, is one place that did it it was a really belligerent managing director and it exposed what we had been saying all along... that anyone could do their job and do it better and not be a jerk about it and that they were not adding any value to the company. They had been there forever and figured out how to be "indispensable", but were valueless other than data extortion.

    Not saying this one thing was the nail in their coffin, but that an outsourced, low cost, no-special-skills labourer did their job faster and better could not have looked good when they got evaluated and quickly fired right after that. We had offered to management to outsource all of her work like that as nothing she did required even a modicum of skill. So her being local would likely costing them 300% what one of our staff would bill them for, and she made people want to quit because she was so mean to them and our person was silent just doing the job.

    If it is a legit "offloading wasted time tasks", it's a brilliant way to go. If it is "trying to have someone with no training or special skills do my job for cheap so that I can do nothing", people will probably notice.



  • @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.

    Do you bill separately for something like this as in count it towards hourly rate?

    All our time is billed. They are having us work, so we get paid. Just like any hourly employee would.

    You bet your ass he's getting paid - so many doctors offices want exactly this. it's just insane!

    Wasn't a doctor in my example, but sure could have been. And a doctor is a good example of someone who should do this all of the time... because they aren't trying to outsource their value (actually practicing medicine), just outsourcing the stuff that takes them away from doing more of that.

    Offloading things that take you away from your value, that's smart. Offloading your only value, that's dumb, lol.



  • @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    @IRJ said in Rocket.chat December Update Removed the Password Field?:

    @Dashrender said in Rocket.chat December Update Removed the Password Field?:

    @scottalanmiller said in Rocket.chat December Update Removed the Password Field?:

    So our Rocket.chat server updated on December 26th. And now the password field for users is gone. I'm assuming that this is not a bug, that they are attempting to annoyingly force you to send users logins by email. That's pretty crappy, if that's really what has happened, as this is self hosted and we have some users without email addresses (they use Rocket instead) and will have to make email just for this (don't want tied to personal or whatever and work doesn't provide for them) and most of our customers can't handle password resets and ask us to handle it and to put the password into their desktop for them and have it sign in automatically. We can still do that, but it requires us doing a lot more work and getting access to their email now as well. Lowers security a lot and makes the system a much bigger pain.

    Do they ask you to wipe they bum as well?

    Yeah that seems a bit extreme. I mean if you've used a computer in any fashion in the past 20 years you've signed in with a password somewhere

    When you work with end users, especially in medical, putting in a password or even finding the login screen is a huge struggle.

    Do you bill separately for something like this as in count it towards hourly rate?

    All our time is billed. They are having us work, so we get paid. Just like any hourly employee would.

    You bet your ass he's getting paid - so many doctors offices want exactly this. it's just insane!

    Wasn't a doctor in my example, but sure could have been. And a doctor is a good example of someone who should do this all of the time... because they aren't trying to outsource their value (actually practicing medicine), just outsourcing the stuff that takes them away from doing more of that.

    Offloading things that take you away from your value, that's smart. Offloading your only value, that's dumb, lol.

    I get the ditching of the low level shit one someone paid less - allowing the professional more time to make the big bucks for the company/themselves...

    But often times to do that, you frequently have to delegate a ton of abilities onto this lower level person to the point that you might not be able to tell who's doing what... Or you have to have a system that fully understands that need for delegation and provide it while providing tracking - which is something most systems are fully missing.

    Example - setting up a new phone/PC, etc. most of the time the credentials are needed not from a delegate, but from the primary themself's to setup these apps - which means the primary has to give those creds to the helper so the helper can do the setup while the primary is doing other work.
    Of course, you assume you can trust the helper in these cases. It would be interesting to see technology advance to allow the configuration for a user through delegation, while at the same time still logging the work accomplished by the helper.

    Thanks Scott - you helped/forced me to walk all the way through the logic on that one.



  • @scottalanmiller

    Yeah i faced the exact same issue, wanted to make alternative whatsapp thing just using apps and now the extra email thing is causing hassle, however that said you can register users manually and that will create passwords, like open registration feature, which is by default is enabled and head to your RC webpage and register. open it in incognito


Log in to reply