Anonymous | Login | Signup for a new account | 2024-04-18 11:06 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
View Revisions: Issue #948 | [ All Revisions ] [ Back to Issue ] | ||
Summary | 0000948: Change in "Forgot Password" logic | ||
Revision | 2010-12-13 12:45:02 by alex | ||
Description | There are several issues with current Forgot Password functionality: 1. User nees to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he want later). Not too user friendly. 2. It's not secure to send passwords by email. 3. Auto-generated passwords are very hard to remember (not user friendly) vs. the ones that user enters on his own. Proposed solution is to send "forgot password" like link to his email and then he can change his password to what ever he wants. Simplify this scheme this way: 1. user clicks "Forgot Password" link on login page 2. user enters his email or login 3. user presses "Send Password" button 4. user receives email with confirmation link 5. when user clicks on that link, then he is brought to password change form where user enter his new password (2 times) and immediately got logged in This way user gets his password changed quickly and new password isn't sent by email. NOTE: There is a need to add a hint to "Assign password automatically" configuration option under Configuration->Users:General section, saying: "Not encrypted passwords will be send to user by email" |
||
Revision | 2010-12-13 12:42:53 by alex | ||
Description | There are several issues with current Forgot Password functionality: 1. User nees to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he want later). Not too user friendly. 2. It's not secure to send passwords by email. 3. Auto-generated passwords are very hard to remember (not user friendly) vs. the ones that user enters on his own. Proposed solution is to send "forgot password" like link to his email and then he can change his password to what ever he wants. Simplify this scheme this way: 1. user clicks "Forgot Password" link on login page 2. user enters his email or login 3. user presses "Send Password" button 4. user receives email with confirmation link 5. when user clicks on that link, then he is brought to password change form where user enter his new password (2 times) and immediately got logged in This way user gets his password changed quickly and new password isn't sent by email. NOTE: There is a need to add a hint to "Assign password automatically" configuration option under Configuration->Users:General section, saying: "None encrypted passwords will be send to user by email" |
||
Revision | 2010-12-13 10:32:13 by alex | ||
Description | There are several issues with current Forgot Password functionality: 1. User nees to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he want later). Not too user friendly. 2. It's secure to send passwords by email. 3. Auto-generated passwords are very hard to remember (not user friendly) vs. the ones that user enters on his own. Proposed solution is to send "forgot password" like link to his email and then he can change his password to what ever he wants. Simplify this scheme this way: 1. user clicks "Forgot Password" link on login page 2. user enters his email or login 3. user presses "Send Password" button 4. user receives email with confirmation link 5. when user clicks on that link, then he is brought to password change form where user enter his new password (2 times) and immediately got logged in This way user gets his password changed quickly and new password isn't sent by email. NOTE: There is a need to add a hint to "Assign password automatically" configuration option under Configuration->Users:General section, saying: "None encrypted passwords will be send to user by email" |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |