[Cosmo-dev] "Forgot Password" workflow

Priscilla Chung priscilla at osafoundation.org
Wed Mar 14 21:45:40 PST 2007


On Mar 12, 2007, at 12:22 PM, Travis Vachon wrote:

> Abbreviated:
> 1) User clicks on "Forgot username/password" link
> 2) User enters username and/or email address and clicks "send  
> reminder"
> 3) User checks email, clicks on forgot password link
> 4) User enters new password, is reminded to change passwords in  
> client programs, is logged into app
+1. Anything more seems too complicated.
>
> A couple notes:
>    * While the "temporary ui access" would certainly be useful in  
> some cases, and doesn't seem to me to be less secure than allowing  
> users to reset their passwords by clicking on a link in an email,  
> I'm not sure it is needed within preview timeframe. In addition, it  
> would be at least twice the work since we don't currently have the  
> auth/z infrastructure to support it on the backend (largely because  
> of the way we use Basic authentication for CMP user self  
> administration).
>
>    * It might be a good idea to use a "security question" (what was  
> the name of your first dog's mother's owner's oldest cousin?)  
> before sending the email and/or resetting the password.
I don't think this is necessary right now.
>
>    * It might be a good idea to use a Captcha
> (http://en.wikipedia.org/wiki/Captcha) before sending the password reset
> email to prevent bots from generating superfluous password reset
> emails.
Good idea, but probably not necessary right now.
>
>    * Language on the links is definitely not final, and will be  
> polished iteratively with the design team during implementation.
How about this for instructional copy:

*Forgot your Password?*

Please enter in the user name or the e-mail address associated with  
your account, then click 'okay'.
User Name: [______]   *OR*   E-Mail Address: [______]   [Okay]

After the user clicks okay, the page will then display this message:
'We'll send you an e-mail with a link to a page where you can create  
a new password.'

Added to bug 7709 for reference.
Thanks, -Priscilla
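
The four-step flow discussed in this thread, modelled as an added example (not part of the original message and not Cosmo code). The `ResetService` name, token format, one-hour link lifetime and in-memory storage are assumptions; the confirmation copy is the wording proposed above, returned whether or not an account matched.

```python
import hashlib
import secrets
import time

RESET_TTL = 3600  # assumed link lifetime in seconds; the thread does not give one
SENT_COPY = ("We'll send you an e-mail with a link to a page "
             "where you can create a new password.")

class ResetService:
    """Hypothetical in-memory model of the four-step flow; not Cosmo code."""

    def __init__(self, users):
        self.users = dict(users)  # {username: email}, constructed sample data
        self.passwords = {}       # username -> (salt, PBKDF2 hash)
        self.pending = {}         # sha256(token) -> (username, expiry)
        self.outbox = []          # (email, token) pairs standing in for sent mail

    def request_reset(self, username=None, email=None, now=None):
        """Step 2: accept a user name OR an e-mail address."""
        now = time.time() if now is None else now
        match = None
        for name, addr in self.users.items():
            if name == username or (email and addr.lower() == email.lower()):
                match = name
        if match:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            # Drop older links for this user so only the newest one works.
            self.pending = {d: v for d, v in self.pending.items() if v[0] != match}
            self.pending[digest] = (match, now + RESET_TTL)
            self.outbox.append((self.users[match], token))
        # Same copy whether or not an account matched, so the form
        # does not reveal which user names or addresses exist.
        return SENT_COPY

    def redeem(self, token, new_password, now=None):
        """Steps 3-4: follow the link, set the password, return the username."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the link single-use
        if entry is None or now > entry[1]:
            return None
        salt = secrets.token_bytes(16)
        self.passwords[entry[0]] = (salt, hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 200_000))
        return entry[0]
```

Only the token's hash is stored, so a leaked `pending` table cannot be replayed as working reset links.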