Client area problem, anyone can access any account

Hi

I have just noticed, client area is not protected at all. Inside the client are, the top left corner there is little window “Switch Account”. So can anyone access other accounts??? I have tested this (as a customer) and I was able to see other accounts (not all of them)
I can’t remember what I did when I created new customers ( Default, whatever that is)

So why is this and how can I fix it??? I DO NOT want a customer to see other customers accounts

Thanks

Hi @Patrick_K

Do any of your clients share an email address with another one?

As the logins are email based, once a client logs in with their email address and password, or view a pre-authorised link in an email, they can access any of the clients associated with their email address so they’re not managing multiple passwords.

For example, if you have Client A and Client C with a contact using dave@example.com, and Client B with a contact using jim@example.com, then Dave can log in as Client A, but easily switch to Client C.
Jim at Client B however only has the one account associated with his email address, so he will only ever see his invoices.

Of course, if you’re using different email addresses and you’re still seeing that clients can switch between accounts, then please let me know and I’ll grab a few more details from you so it can be investigated further.

Thanks for your reply

I looked and yes some of the contacts have 2 contacts details, so by deleting them the problem is solved.
It would’t be very good if any customer could see other accounts.

Thanks

1 Like

This topic was automatically closed after 7 days. New replies are no longer allowed.