Request to change MobileClient password

V5 Question
1

Good morning
The mobile client documentation requires passwords to be setup for the Android Mobile client.
These passwords are seriously too easy to guess, and I had a situation where someone logged on by guessing this password and working on the tickets.

Is there any way this password can please be changed to something harder to guess, like an alpha-numeric combination… Or better yet, let us set this password on the mobile client settings page and then on the sambapos user list. Please.
Thanks

2

You can set your own passwords for users in waiter role.

3

Hello @Jesse
You don’t understand. The android mobile client requires an integration pin number/password.
This is a pre-programmed password (it seems) and it is for example 0000
This is easily guessed and if you change this the tablets (android clients) don’t work!
So please, I know I can change use passwords, I am asking for the mobile client development team to allow us as administrators to change this simple password ourselves to something more complicated.

4

Your not using it to login to mobile client are you?

5

I am not, but one of my waiters worked on the main SambaPOS desktop version and guessed this code. This code has access to a lot of things I don’t want them to be able to have access to. So, somewhere in the development of the integration, this code is used in the background. Well, that is what I am guessing.

6

Ok so you mean he logged in as admin on the main terminal?

7

I understand more than you realize. I’m trying to understand your specific need. We may be able to do something.

8

Yes. And all of our admin password are extremely difficult, but he guessed numbers, and by luck he guessed the Android Client’s password which has access to all those features.

9

I’m pretty sure we can lock that down. Let me look at it.

10

Hey, okay so, I checked in the management console and realised, the MobileClient user with code 0000 was from the previous (and first) versions of the Android client, and so this I am going to remove… The documentation states a new password which is a bit longer and more complicated, let me first test this and see if it affects the current version of the Android Client before you do too much effort. I will let you know in the next 10 minutes

11

Your talking about the pda user right?

12

Yes, and no… :slight_smile:
I was talking about the MobileClient which was the first user to be setup as the one we know today as the PDA user. So, I never removed this MobileClient user when we upgraded the Android Clients. The PDA user password is a little bit more complicated.

I have tested the Android Clients after removing MobileClient and it seems to work fine.

13

Yes that one is a year old almost now. In fact it was the second version of it. Pda is the third.

14

I will say it would be good to add the ability to map users to applications restricting its use to only that application. @VehbiEmiroglu

15

I mean your waiter can simply go to the knowledgebase and get that password lol. If he did that I would fire his butt.

16

Very good idea.
And yes, the waiters can simply read the user manual and see the passwords… I second your idea of mapping…

17

I personally do not like how you have to enter a specific password to go to settings on the client either. Its awkward and nobody else codes apps like that. We always have ability to set our own.

18

I will visit mobile app with them soon. We are focused on US Card integration and a few other projects but I think they are hiring some developers so maybe we can see more progress on these other projects.