#190 closed Defect (fixed)
dealing with forgotten password is awkward
Reported by: | Eric Myers | Owned by: | davea |
---|---|---|---|
Priority: | Major | Milestone: | Undetermined |
Component: | Web - Project | Version: | |
Keywords: | password, authentication | Cc: |
Description
The way the web site deals with a user who has forgotten their password is awkward. There is a link "Forgot password?" on the login page. If you follow it you are taken to a page to *change* your password. Yes, it also allows you to retrieve your account key, but that's not explained or obvious, and the suggestion that you can change your password is confusing and potentially frustrating.
Sending the account key to the user via e-mail is also not advised, since it is more sensitive than a password (it gives one total access to the account, yet it cannot be changed). I suggest we generate a temporary authentication code and send that via e-mail (with a time limit associated with it).
Change History (3)
comment:1 Changed 17 years ago by
Priority: | Undetermined → Major |
---|
comment:2 Changed 17 years ago by
Owner: | changed from Rytis to davea |
---|
comment:3 Changed 17 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [14263]) - user web: clean up logic for dealing with forgotten password:
- login form now has ONLY email/passwd ("login with account key" is gone)
- "forgot password?" takes you to a page with two options:
  1) type in email address, get an email with login link
  2) instructions for recovering account key from BOINC account file
- email is stripped-down, has login link and not much else
fixes #190
Reassigning to David.
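
The description's suggestion of a temporary, time-limited code sent by e-mail in place of the account key can be sketched as follows. This is an added example, not BOINC's code or the change in [14263]; the class name, the 24-hour lifetime and the in-memory store (standing in for a database table) are assumptions.

```python
import hashlib
import secrets
import time

# Assumed lifetime; the ticket only asks for "a time limit".
TOKEN_TTL_SECONDS = 24 * 3600


class LoginTokenStore:
    """Hypothetical in-memory stand-in for a table of pending login links."""

    def __init__(self):
        # sha256(token) -> (user_id, expires_at). The raw token is never
        # stored, so a leaked table does not yield usable login links.
        self._pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id, now=None):
        """Return a fresh token to e-mail; older tokens for the user are revoked."""
        now = time.time() if now is None else now
        self._pending = {d: v for d, v in self._pending.items()
                         if v[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the user id for a valid token, else None. Single use."""
        now = time.time() if now is None else now
        # pop() removes the entry, so a replayed or expired link finds nothing
        # on the next attempt.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        return user_id if now <= expires_at else None
```

Unlike the account key, a token issued this way is unrelated to any long-lived secret, expires on its own, and is invalidated by its first use or by the next request for a link.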