[Cosmo-dev] "Forgot Password" workflow
jared at wordzoo.com
Thu Feb 15 10:26:40 PST 2007
Travis Vachon wrote:
> 1) User enters username, service sends password to email address
> registered for that username
> 2) User enters email address, service sends password (and username?) to
> that email address if and only if a user associated with that address
A variety of sites support both. If I had to pick one, I'd probably
pick email. People are more likely to have a username stored in a form
or Chandler account dialog or something, so they *sometimes* will be
better able to remember that.
+1 for both.
Though I've asked for non-unique email addresses, I admit freely I've no
idea how that interacts with forgotten-password workflows. I'd tend to
say that anyone sharing an email can reasonably see a password reset
from others sharing that password, but I don't know which account you'd
reset if just an email was entered. Hopefully that isn't necessarily a
death-knell for the whole idea.
More information about the cosmo-dev