I just created this tool for our CSRs here in my company, and the first thing I said was: please change your password once signed in. (Well, I gave them all the same password initially.)
The passwords are all encrypted when I look at the raw value in the table. Guess what I saw? All have the same encrypted password, meaning they haven't changed their passwords. I guess it beats the whole purpose of all the tracking and user logs. If any one of them is smart enough to try another account using a different password: instant access.
I guess I should have created a forced password change once signed in for the first time (like what Google does), or maybe initially given them all different passwords to begin with. But it's too troublesome to do both. I just let it pass.
Bottom line, I'm just sharing this in case anyone (who accidentally, for some reason) is reading this post and has the same problem.
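
An added example, not code from the tool described in this post: one way to give each account its own random initial password, force a change at first sign-in, and salt each stored value so identical passwords no longer produce identical rows in the table. The `USERS` dict, the function names and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib, hmac, secrets

USERS = {}  # username -> record; stands in for the tool's user table (assumed)

def hash_password(password, salt):
    # Per-user salt: two accounts with the same password store different values.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def store(username, password, must_change):
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "hash": hash_password(password, salt),
                       "must_change": must_change}

def provision(username):
    # Each account gets its own random one-time password, handed to that user only.
    temp = secrets.token_urlsafe(12)
    store(username, temp, True)
    return temp

def verify(username, password):
    rec = USERS.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], hash_password(password, rec["salt"]))

def login(username, password):
    # Returns 'denied', 'change_required' or 'ok'; the caller must not open a
    # session on 'change_required', only show the change-password form.
    if not verify(username, password):
        return "denied"
    return "change_required" if USERS[username]["must_change"] else "ok"

def change_password(username, old, new):
    # Reject reuse of the current password so the flag cannot be cleared
    # without an actual change; the length floor is an assumed policy.
    if not verify(username, old) or new == old or len(new) < 10:
        return False
    store(username, new, False)
    return True

def unchanged_accounts():
    # Accounts still on their initial password, found via the flag rather
    # than by spotting identical stored values.
    return sorted(u for u, r in USERS.items() if r["must_change"])
```
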