If you change your own account's password through the administrative ability to force-change a password, you will inadvertently orphan your own credentials. However, if you use the My Settings configuration panel, this will not occur.
Administrators have the ability to change another account's password in the Accounts section accessed by clicking the Security option located on the menu bar. Changing your password or another user's password in this configuration area intentionally orphans any Credentials owned by the user. This is a security precaution that prevents another ipMonitor administrator from hijacking another account's Credentials for his own use.
ipMonitor users are able to update their passwords via the My Settings option in both the configuration and statistics interfaces. The password exchange is performed using a seamless shared 128-bit secret key over SSL and non SSL connections. A third party observing packets during the exchange will be unable to directly decipher or extrapolate the new shared secret (password).
Note: If you use the administrative ability to force-change a password, you will force all sessions owned by the user to be terminated. This ensures that all sessions have the correct shared secret key for that user.
For information on other features and concepts related to those discussed in this article, refer to the following ipMonitor resources:
Last Updated: April 19, 2006 | What did you think of this topic?