- Type: Feature Request
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 5.1.1
- Fix Version/s: 5.2.0-B1
- Component/s: Front End
- Labels: None
- Change Log Message: Improved "Forgot Password" logic
- Story Points: 2
- External issue ID: 948

There are several issues with the current Forgot Password functionality:
1. The user needs to perform 6 steps to restore his password (he also needs to go to his profile to change it to whatever he wants later). Not too user friendly.
2. It's not secure to send passwords by email.
3. Auto-generated passwords are very hard to remember (not user friendly) compared with ones the user enters on his own.
The proposed solution is to send a "forgot password" link to his email, after which he can change his password to whatever he wants.
Simplify the scheme this way:
1. user clicks "Forgot Password" link on login page
2. user enters his email or login
3. user presses "Send Password" button
4. user receives email with confirmation link
5. when user clicks on that link, he is brought to a password change form where he enters his new password (2 times) and is immediately logged in
This way the user gets his password changed quickly and the new password isn't sent by email.
NOTE: There is a need to add a hint to the "Assign password automatically" configuration option under the Configuration->Users:General section, saying:
"Not encrypted passwords will be sent to user by email"
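
The confirmation-link flow from steps 1 to 5, written out as an added example; it is not code from this ticket or from the project. `ResetStore`, `hash_password`, `TOKEN_TTL`, the one-hour lifetime, storing only a hash of the token, and PBKDF2 for the stored password are all assumptions of the example, since the ticket specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed link lifetime in seconds; the ticket does not give one

def hash_password(password):
    """Salted PBKDF2 hash for storage (assumed scheme, not the project's)."""
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ResetStore:
    """In-memory stand-in for the user table (hypothetical, for illustration)."""
    def __init__(self):
        self.password_hash = {}  # login -> stored password hash
        self.pending = {}        # login -> (sha256 of token, expiry timestamp)

    def request_reset(self, login, now=None):
        """Steps 1-4: create the token carried by the emailed confirmation link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable value from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[login] = (digest, now + TOKEN_TTL)  # replaces any older link
        return token  # goes into the email only; the store keeps just the digest

    def confirm_reset(self, login, token, new_password, repeat, now=None):
        """Step 5: check the link, store the user's own password, allow login."""
        now = time.time() if now is None else now
        digest, expires = self.pending.get(login, ("", 0.0))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied) or now > expires:
            return False  # unknown login, wrong token, or expired link
        if not new_password or new_password != repeat:
            return False  # the two entries on the change form must match
        del self.pending[login]  # single use: a replayed link is rejected
        self.password_hash[login] = hash_password(new_password)
        return True  # caller may now establish the logged-in session
```

No password ever travels by email in this flow, and a leaked copy of the `pending` table does not yield a usable link because only the token's digest is stored.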