Q1 - What is the problem that you are trying to solve?
Currently, if a team member loses both their passphrase and their recovery kit, the only solution is to delete their account and recreate it. This is time-consuming, disruptive, and leads to lost context (e.g., shared passwords, group memberships, and audit trails). We want to enable a system admin to trigger a secure reset procedure, allowing the user to regain access without starting from scratch. We can measure success by a decrease in account deletions and a reduction in the time users spend recovering access.
Q2 - Who is impacted?
This feature primarily benefits users who have lost their credentials and recovery kit. It also benefits system administrators by reducing overhead and complexity when helping users regain access. Overall, it improves the entire organization’s productivity and security posture, as fewer accounts need to be reissued and less sensitive data is lost.
Q3 - Why is it important and/or urgent?
A smoother recovery process is strategically important: it aligns with security best practices and user experience improvements, and it helps meet organizational objectives related to operational efficiency and user satisfaction. By providing a recovery method that is secure yet convenient, we can reduce downtime, improve trust in the solution, and avoid having to rebuild user profiles frequently.
Q4 - What is your proposed solution? (optional)
Proposed approach:
Introduce a “Reset User Secret” function accessible by system administrators. This would:
- Allow admins to generate a secure, one-time-use link.
- Send this link via email to the affected user.
- On clicking the link, the user would undergo a verification process (e.g., additional authentication factor or admin approval) and then be guided to set a new passphrase and download a new recovery kit.
- Existing data, group memberships, and permissions remain intact.
User Story:
As a system admin, I can initiate a secure, one-time reset link for a user who has lost their passphrase and recovery kit, so that they can regain access to their account without losing their existing data.
Test Scenario (Given, When, Then):
- Given: An admin is logged in to the admin dashboard and a user reports loss of passphrase and recovery kit.
- When: The admin selects “Reset User Secret,” and a one-time reset link is generated and emailed to the user.
- Then: The user clicks the link, passes additional verification, sets a new passphrase, downloads a new recovery kit, and all their previous permissions and data remain accessible.
Additional Requirements:
- Functional:
  - The reset link must expire after a configurable time (e.g., 24 hours).
  - Only admins with appropriate permissions can trigger the reset.
- Non-Functional:
  - The process should be auditable, logging who initiated the reset and when.
Wireframe Idea:
- Admin dashboard: A button next to a user’s profile: “Reset User Secret.”
- Confirmation modal: “Are you sure you want to initiate a reset for this user?”
- Notification: “A reset link has been sent to [user’s email].”
- User email: “Click here to reset your passphrase. This link will expire in 24 hours.”
- User flow: Click link → Verify identity → Create new passphrase → Download new recovery kit → Confirmation message.