/
Forgot password logic change

Forgot password logic change

Owned by Alex
Last updated: Aug 08, 2015

Imported from: http://groups.google.com/group/in-portal-dev/browse_thread/thread/95fa9e02e5d65a4a#

I propose to change how Forgot Password feature works in In-Portal.

Currently it works this way:

  1. user clicks "Forgot Password" link on login page
  2. user enters his email or login
  3. user presses "Send Password" button
  4. user receives email with confirmation link
  5. when user clicks on that link, then he is brought to confirmation page
  6. when user clicks "Yes" on that confirmation page, then new password is generated and sent to it by email (not too secure)

This way user needs to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he want later). Not too user friendly I think. 

I propose to simplify this scheme this way:

  1. user clicks "Forgot Password" link on login page
  2. user enters his email or login
  3. user presses "Send Password" button
  4. user receives email with confirmation link
  5. when user clicks on that link, then he is brought to password change form
  6. user enter his new password (2 times) and immediately got logged in

This way user gets his password changed quickly and new password isn't sent by email. 

Another issue, when password is send by email is when "Auto-generate User Passwords" option is used (this way user don't enter his password during registration). In this case user gets his password after registration by email.

I propose to send "forgot password" like link to his email and then he can change his password to whatever he wants.

Related Tasks

INP-762 - Getting issue details... STATUS