Forums/Product news and updates/Release notes

Changes to passwords, topic votes & fixed stuff

Jake Holman
posted this on April 19, 2012 13:05

A few small items this week, after adding both Lotus and our new placeholder autocomplete last week.

New Stuff

  • We've made some changes to how password resets work for user profiles. 
    1. It's no longer possible to change the password of someone in your Zendesk account through the interface. Instead, you can "Reset" their password. This will send them an email giving them a link to reset the password. The process is very easy for them to follow. 
    2. If the user does not have a password yet, there is a link to say "Create password". This too will send them an email asking them to create a password for that particular profile.
    You'll find the links for these by going to a profile and "Actions" in the top right.
  • If a topic doesn't have any votes, the button which appears will now read "Be the first [to vote]" rather than "Me too!", which made no sense when there weren't any votes.

Fixed Stuff

  • We've increased the timeout for our Salesforce widget, which finds contacts. If you have a very large Salesforce account, lookups are very slow which we didn't expect. We'll now wait longer before deciding the lookup has failed.
  • When viewing a closed ticket, JavaScript was throwing an error, which would break some widgets on that page. We've now fixed this issue.
  • The {{current_user.tags}} placeholder was rendering all tags without spaces, which made it pretty hard to read them. This is resolved.
  • The anonymous ticket submission form was skipping validation for the blank email field. While this didn't result in users being able to create tickets, we now show the correct validation if no email was included in the form.
 

Comments

User photo
Ken Strange
wordex

This doesn't work for us - previously when admins could change a password to a temporary one so the client could login immediately while on the phone then they could change the password by the link once logged in, and this saved a lot of time.

Sometimes the emails to reset passwords can't take 5-15mins to come we find, and it takes too long when an agent is trying to assist over the phone with navigation around the support desk.

We'd like an option in the account to switch it back on.

April 25, 2012 20:58
User photo
community engine

Agree with Ken on having an option to revert back to the previous method of being able to change passwords.

April 25, 2012 21:44
User photo
Rollie Villaflor
Versata

I agree also with Ken.  We had the same process with our users which made it faster for them to gain access to the help desk.  It would be great if we have the option to revert back to the previous process.  

April 26, 2012 06:25
User photo
Johannes Schunter

Dear Zendesk team,

This change is a total disaster!! I used to be able to help my agents with password problems within seconds. Now that I can't edit their password anymore manually under "Identities" it became way more cumbersome to provide my agents with passwords ☹

Just one example! When I manually verified them, without them ever logging, the request password email they get says they are already verified and they cannot set their password.

Please please please bring this feature back!!

April 26, 2012 09:07
User photo
Andy Gambles
aguk

I have to ask does Zendesk discuss any changes with customers first?

This is like the 'end user updated ticket while logged out' problem that still exists.

Just because you think it is right does not make it right for all customers. For the massive price tag Zendesk has I would expect much better implementation of changes.

April 27, 2012 14:07
User photo
Online
skorydov
Is there a way I can revert to previous settings only as there can be a case when the e-mail address to which the password reset link is sent is not accessible. Earlier system was a quicker one. 
This could be given only to In-charge/admin account.
April 28, 2012 04:52
User photo
Javier Miguel-Hidalgo

Hi,

This is an absolutely terrible change and one that makes administrative tasks longer and more complicated.
Can you either revert this change or give us the option of going back to the old system pls?

Why didnt you just put it in the Beta and see what we thought before implementing a change like this?

May 02, 2012 02:42
User photo
Arnaud de Theux
Zendesk

I agree that, at least for admins, changing the password in the interface was very quick and handy.

May 02, 2012 03:15
User photo
Jamie Miller
engineyard

I agree, especially since we use an SSO login. When people want to use your mobile app (ipad/iphone) they need a ZD specific password to do so. It was easy for us to do for them. 

May 02, 2012 11:45
User photo
Robert Lounsberry
alienskin

I agree. I think the new option is much more time intensive than the old option. It has its good points because it is very easy for end users, but as an admin, I would still like the ability to go in and set a temporary password that the user can update him or her self just like you used to be able to. 

I beg you to please bring back the old method or at the very least provide admin's with the ability to manually set a users password. Then if needed, they can use the email link when they have the time. I just spend 20+ minutes trying to get our new employee into Zendesk so he could work on something. Previously it would have taken less than 30 seconds to do this. That is time wasted and as we all know, Time = Money.....

May 02, 2012 11:48
User photo
Johannes Schunter

This is a disaster. One of my agents didn't have access to Zendesk for SIX DAYS because the email got stuck somewhere in the firewall of their duty station in Thailand, and after several mails back and forth with Zendesk support we had to ask Zendesk to provide us the logfiles of the emails being sent, which eventually enabled the IT unit of our Bangkok duty station to identify the mails.

The old feature allowed us to resolve such a situation in one minute, not six days!!! This is the worst feature change ever and did cost us actual money!! Unacceptable :-((

May 02, 2012 12:30
User photo
Alun Carp
abiquo

I have found so far that the only way to get responsiveness from Zendesk is to open a support ticket.

Given that Zendesk is [supposedly] all about creating a great customer support experience it is very disappointing when they make this type of change. As has already been noted in this thread, agents previously could assign passwords to end users allowing them to get access real quick, now we have to rely on email systems which, as Johannes reminds us, are not always reliable.

Zendesk, if you really must make such changes to the workflow of our agents and customers please leave the fallback option of our Admins still being able to perform this task.

Still not loving your Zendesk!

May 02, 2012 17:47
User photo
Ken Strange
wordex

Alan - I lodged a support ticket with them before I posted the first comment here - they replied as follows:

"Thanks for reaching out. Unfortunately at the moment you cannot revert back to the old setting where the administrator can change the password for an end-user.

It is an essential security feature which is required to avoid the spoofing attacks on your Zendesk accounts. Your Zendesk account gets vulnerable to security threats when you manually pass the password to your end-users.

If you are dissatisfied by this security feature, you can leave a comment below the forum article and here your request can gain traction through community input and voting to provide our Product team valuable feedback for future changes to Zendesk.

Our team frequently visits this forum to consider functionality changes and feature requests from our online community.

I hope this information helps. If you have more question, I will be happy to help.

Love your helpdesk"

May 02, 2012 17:57
User photo
Amanda Birch

I also agree that we need this back as we use SSO and as Jamie says earlier on we need this for mobile app access. Please re-consider.

May 03, 2012 01:10
User photo
Jeffrey Davidson
iasta

Ditto on the SSO bit. I think there did need to be a better method than just typing in a password, but now I can't add anymore mobile users, or anyone using the awesome Chrome extensions.

May 03, 2012 04:03
User photo
community engine

Jake, no feedback on this yet? There are a number of your customers here (including me) complaining about this change to passwords, so it would be great if you could please provide a response on the likelihood of the password update functionality returning to admins in the near future. It also goes without saying that it would be nice if your customers were allowed some input before such a change was made.

May 03, 2012 15:45
User photo
J.R. Miller
einstruction

We do not have as much need to change passwords manually, as what has been communicated here. While I can see the need in the future - We're not greatly impacted by this... right now, anyway.

That being said, however, it is disconcerting that such a change was implemented without any notice to your customers. As has already been expressed, this change isn't one that only negatively affects a very narrow target; this affects a very large target group. This isn't a minor change/improvement, but a major change in process and administrative workflow.

This really should have been announced prior to actual implementation.

Zendesk, please learn from this experience and at least offer customers a heads-up before changing anything of this nature and/or scale.

May 03, 2012 16:38
User photo
Ben Rohrs
Product Manager

Local (non-SSO) passwords can be created for mobileusers with the new password functionality. To do this, go to a user's profile and on the actions pulldown, select "Create Password". Once you confirm, a link will be email to the user so they can specify a local password to be used when logging in to the mobile app or /access/normal. If a user already has a local (non-SSO) password, you'll be able to initiate a password reset from this same actions menu. I apologize I didn't make this more clear in our documentation. Please open a ticket if this is not working for you.

May 09, 2012 12:18
User photo
Robert Lounsberry
alienskin

Will we as administrators ever get the ability back to manually change a password? This is a needed feature that has been taken away from us with no notice. The time frame is way to long for the email option. 

May 09, 2012 12:20
User photo
Andy Gambles
aguk
It is frankly ridiculous that an administrator can not set a password. Zendesk has become inflexible and too slow to respond. Time to move to alternatives.
May 09, 2012 12:22
User photo
Ben Rohrs
Product Manager

For those of you who would prefer to revert to the existing password functionality, we're building a feature so account owners can revert this setting to the old model. I encourage you to try the new model since it's a bit more secure, but we'll soon allow you to make this decision for your help desk. I apologize we didn't give advance warning of this change and appreciate the feedback here, this was my mistake and we'll provide more notice next time.

May 09, 2012 12:22
User photo
Robert Lounsberry
alienskin

Thank you very much Ben. I appreciate you guys adding this functionality back to Zendesk. Please Please Please announce a change like this in advance the next time. This has caused a lot of avoidable frustrations. 

May 09, 2012 12:26
User photo
Andy Gambles
aguk
Why are we still waiting though? Why is it taking so long to make this change back to how it was? Just like the suspended tickets debacle. Why is this not in place now or rolled out in the next hour? This is why I plan on moving away from zendesk. You guys are just implementing what you want when you want and being completely unresponsive and taking far too long to change anything.
May 09, 2012 12:29
User photo
Neil Lillemark
electriccloud

Andy:

Just out of interest - what industry are you in?

Neil

May 09, 2012 13:12
User photo
Andy Gambles
aguk
Neil, I sell stuff to hosting companies - www.servertastic.com
May 09, 2012 13:22
User photo
Ben Rohrs
Product Manager

@Andy: I can understand your frustration about this delay. We thought we had a quick fix for this last Friday, but ran into issues and now have an engineer dedicated on building this back into Zendesk. It's a bit complicated to build since both password reset procedures will exist in the code, although only one will be active for a given help desk. We should have something very soon and I'll add a comment once it's in place.

May 09, 2012 21:18
User photo
Ben Rohrs
Product Manager

As I mentioned before, we're working on a change that will allow account owners to revert back to the old password functionality so you can choose to set users' passwords - that’s not going to change. This change is going through QA and we hope to release this functionality tomorrow. In the meantime, I wanted to briefly explain why we made this change in how passwords are managed in Zendesk.

Some of the most successful malicious hackers in history have used social engineering techniques to deceive well-meaning people into providing confidential information. The easiest way of doing this is calling or spoof-emailing into customer support center with the classic “I’ve forgotten my password and I can’t recover it” line, and persisting until a support agent has no choice but to change the password manually for the irate “customer”. Once that password is changed, that social hacker is able to get access to a lot of information.

Knowing this information, Zendesk wanted to be proactive and remove this risk for all agents. We followed common practices used by other SaaS applications so users can choose their own passwords after verifying their identity. This approach also eliminates the possibility that agents know a user's password, and also removes the risk that the password is compromised during communication to the customer.

When we consider an enhancement, we always weigh the pros and cons. In this case, it seemed like such a clear pro that we didn’t believe anyone wouldn’t want this. In hindsight, this was clearly a mistake and one which we’re now rectifying.

I hope you will consider this new method for setting passwords, but we'll leave the choice up to you.

May 14, 2012 21:58
User photo
community engine

The explanation is appreciated Ben, and the reasoning behind the change is understood. However I will request Zendesk to further think about how future changes affect administrators (as most people visiting your forums will probably be the admins of their Zendesk account) and administration features, and offer an opportunity for consultation/feedback before implementing such changes. Or at least introduce the new change, with the old version of the function still in place and advise customers of best practise and the reasons why they should use the new version of that function. I'm quite sure you'll be able to see how often the old version of that function is used less and less over time which may be a reason to then disable it. Even at that point in time I'd still like (as an admin) to receive a heads up that a function is going to be disabled (1 weeks notice (at least) would be ideal).

May 14, 2012 22:09
User photo
community engine

@Ben and the Zendesk team - thank you (sorry forgot to add it to my response previous to this) for reintroducing this feature.

May 14, 2012 22:09
User photo
Ben Rohrs
Product Manager

All,

Account owners can now revert back to the old password functionality that allows admins to set users' passwords. This can be toggled only by account owners from Settings > Security > Password Policy. On this page there will be a new section labeled "Allow admins to set passwords". If the checkbox is enabled, the help desk will function as it did a few weeks ago--admins can set passwords for users. The default for this setting will be OFF. Also, if the setting is enabled, agents can still reset passwords.

Please create a ticket if you have any issues getting this enabled for your account. Thanks for your patience on this!

May 15, 2012 16:32
User photo
Ken Strange
wordex

Thanks Ben and Zendesk!

May 15, 2012 16:55
User photo
Carsten Falborg
IKEA

@ben Great work. An excellent example of a company listening to their user/customers and actually taking action on it instead of stubbornly standing their ground. Many companies should take notice - this is how it is done...

May 15, 2012 23:53
User photo
Mark Stocks
jedunn

Settings > Security > Password Policy. "Allow admins to set passwords".  

I don't have this option and I have a system user that I need to reset the password for.  This user is the user that does our "Round Robin" for ticket assignment.  How can I get this feature enabled?

July 17, 2012 08:33
User photo
Ben Rohrs
Product Manager

@Mark: You need to be an account owner to see this setting. If you're an account owner and still having issues, please contact support@zendesk.com and we can help you troubleshoot.

July 17, 2012 08:38
User photo
Loren Justins
netconn

Cant thank you enough for getting this back in. 

July 29, 2012 16:45
User photo
John Berlet
evolvondemand

Just an FYI for everyone if it wasn't clear, but this new checkbox option "Allow admins. to set passwords" is required to be checked in order to bulk create/import users. Found out the hard way that even though I set a password for my list of users, this didn't take and they were all sent emails asking them to create a password (annoying to say the least).

More heads-up about this feature would have been helpful (found this out after opening a support ticket with Zendesk).

 

John

October 15, 2012 09:58
Topic is closed for comments