Finding out what the problem is
You can access your reports at: http://YOURSITE.example.com/sblogin/report/ The only users who has access to your reports are the admin users. Strongbox reports are especially useful when you’re doing customer support so you can see exactly what the customer’s problem is – whether they are entering their password wrong, their username is expired, etc.
Do not “test” their user name yourself
Note that you SHOULD use the reports to see what’s going on when a customer has trouble. You should NOT “test” their user name and password by using it yourself. Some webmasters like to “test” by doing that, but you actually learn next to nothing from logging in yourself. That’s because you are using the the CORRECT user name with the CORRECT password at some later time.
That doesn’t tell you if they entered the wrong password, the wrong user name, the user name was suspended, it was on a rebill payment hold, etc.
“Testing” a user’s password really doesn’t tell you anything at all except that you know how to cut and paste. All that “testing” it yourself does is make the user name show as being used by multiple people and therefore get it suspended. So instead use the reports to see what the CUSTOMER is doing wrong or what their problem is.
If you do “test” your users credentials Strongbox may suspend your IP because it detects password sharing, if you really need to proceed this way, you may add your IP to @ignored_ips in Strongbox configuration file. or even @invincible_users if you accept the risk of having your admin username not protected by Strongbox if credentials are stolen.
We recommend having multiple admin users, one for each staff member and being able to login from a different IP in case yours get suspended.
Once you know what’s wrong
If they entered their password incorrectly (badpword), you may be able to look up the password via your processor, or just use the Strongbox admin to change it and email them the new password.
If the user entered their user name incorrectly (badpuser), you can simply tell them what the correct user name is.
If their password was shared, you can use the “re-enable user and change password” form in the Strongbox admin (may fail when using SQL databases), even better change user’s password from your payment processing company before enabling the user in the Strongbox admin. Note that if we have upgraded your site to use strong passwords and strong encryption, a password that is shared must have been shared by the user. If you have our strong passwords and strong encryption setup, it’s virtually impossible for a hacker to get it, except if the user knowingly posts it or shares it. Therefore if you choose to re-enable a password that it shared, you will want to include an appropriate warning about not sharing it.