Anonymous | Login | Signup for a new account | 2024-04-25 07:22 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0000948 | [In-Portal CMS] Front End | feature request | always | 2010-12-13 10:32 | 2012-07-25 05:33 |
Reporter | Dmitry | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | closed | ||||
Summary | 0000948: Change in "Forgot Password" logic | ||||
Description |
There are several issues with current Forgot Password functionality: 1. User nees to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he want later). Not too user friendly. 2. It's not secure to send passwords by email. 3. Auto-generated passwords are very hard to remember (not user friendly) vs. the ones that user enters on his own. Proposed solution is to send "forgot password" like link to his email and then he can change his password to what ever he wants. Simplify this scheme this way: 1. user clicks "Forgot Password" link on login page 2. user enters his email or login 3. user presses "Send Password" button 4. user receives email with confirmation link 5. when user clicks on that link, then he is brought to password change form where user enter his new password (2 times) and immediately got logged in This way user gets his password changed quickly and new password isn't sent by email. NOTE: There is a need to add a hint to "Assign password automatically" configuration option under Configuration->Users:General section, saying: "Not encrypted passwords will be send to user by email" |
||||
Additional Information |
Currently it works this way: 1. user clicks "Forgot Password" link on login page 2. user enters his email or login 3. user presses "Send Password" button 4. user receives email with confirmation link 5. when user clicks on that link, then he is brought to confirmation page 6. when user clicks "Yes" on that confirmation page, then new password is generated and sent to it by email (not too secure) |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |