Skip to main content

Checkup Documentation

Blank passwords (admins)

cms-user-blank-password-admins

Summary

Important Security Note: If your site has custom authorization configured this check may not be applicable.

Having users with Global Administrator privileges that have blank passwords is a serious security issue and must be corrected immediately. Global Administrators have full access to all areas of the administrative interface of your site including user and e-commerce data. 

The easiest way to deal with blank password issues is to enforce a Password Policy. To learn more about forcing a password policy please visit the cms-settingskey-force-password-policy page.


Check Logic

Constant Care for Kentico will ensure the number of admin users with blank passwords is no more than 0 (default)

You can manage your settings for this checkup in the Constant Care for Kentico admin settings.


Verifying The Check

To manage individual users you can navigate to the Users Application.

From there you can edit individual users and set and/or reset their passwords. We highly recommend that there never be an administrative user with a blank password.

Changes to your site should only be made by an experienced Kentico Xperience developer. If you need assistance in making these changes please reach out to the Toolkit For Kentico team to be connected with a Kentico Xperience partner.