We are in the process of implementing Kinetic for the first time. Some of our development accounts are Basic accounts. It’s been very difficult to reset the password. I expire and reset the password, but then there is no way to sign in. I can’t use a blank password or anything. Anyone else have this issue, and how was it resolved?
When you expire/reset, you should get an email with the new password. If I recall, it should prompt you to enter an email address or use a blank password; that was in 2022.1 at least.
Ensure that the accounts are not getting locked out after a password reset due to security policies. Also, when you reset the passwords, ensure that a temporary password is set that must be changed upon the first login.
Finally, check if the email configuration in Kinetic is set up correctly. Password reset often involves sending an automated email to the user with reset instructions. If the email system isn’t configured properly, the emails might not be sent.
If you want to allow blank passwords, you can use Password Policy to modify how the password rules work. If you check the box for it, you can allow blank passwords.
If you choose to use that, you would also blank out the email address in the popup window when you reset a password. This allows you to skip the temporary email password process altogether.
Unsurprisingly, I’m going to push back on the blank password. For cloud users, it’s a non-starter. But even for on-prem, it’s far too easy today to use AI to generate a request for a password reset in the voice of the CEO, CFO, etc.
The only use case I can think of for a blank password might be a MES station that is fairly locked down. It is a pain to have to go around and log them all back in after an update or power outage etc… Right now we just have the passwords taped to the bottom of the screen.
I would generally agree, and that’s why it’s off by default. In the event that email is not working for some reason though, it’s about the only other option left. I would certainly not suggest using this as a long-term solution.
When using passwords, yes. For my dev environment, I use hMailServer to stand up a local SMTP server and I suppose that could work in the case of a mail outage as well. I’ve never used it but I have seen others use Papercut-SMTP as another free desktop SMTP server.
The ubiquitous kiosk is a real pain in the asking when it comes to authentication. Maybe there’s a solution with certificate-based logins with Entra ID?
I have not directly proven this myself, but have been told by Cloud Support that any blank passwords on Cloud environments are expired on a weekly basis. I DO have the experience of having a user tell me that the blank password I set up for them previously doesn’t work any more, and I’ve had to reset it for them, but I don’t know what their “schedule” is for the auto-expiration.
Seriously. A blank password in the cloud is unconscionable. Are we listing that practice on our cyber security surveys from customers and the cyber insurance provider?
Before (or even since) you all think I’m a living security nightmare (at least for THIS reason)… in most initial implementations the Email settings aren’t created yet and won’t be for several months, and since this is in a PILOT environment with no data, I feel relatively confident that nobody will get hurt.
And yeah, it really isn’t a best practice for LIVE environments.
There have been times where the blank option was the only option. When that was the case, I was sitting next to the user and had them log in and change it right away. I’ve had it where the temporary password from Epicor would not work, so after a few tries, blank it is. But it is never left blank.