All posts in the topic Reset Password (Short link)
Summary
- There are 9 posts — by 4 authors — in this topic.
- Latest post made by Michael JasonSmith at Feb 11 23:28 UTC
The Reset Password page is used when a user has forgotten his or her password. Currently running, as a functional prototype, is the new password reset page http://groupserver.org/register/request_password.html Unlike the current system, the prototype does not send out a user-name or password, instead it send out a single link. Clicking on the link sends the user to the Set Password page. By sending the user to this page, I hope that he or she will get the hint and set a more memorable password ☺ The user can have as many *active* password-reset links as he or she desires. However, as soon as one link is used, all other links become inactive. This should maintain usability, and not compromise security too much. Under the hood, GroupServer stores a unique ID whenever the user fills out the Reset Password page. One user can fill out the password-reset page as many times as he or she likes, and an ID is stored each time. The ID is sent to the user in the email-notification, as part of a link. When the user clicks on this link, GroupServer looks up the user using the ID, redirects him or her to the set-password page, and removes all the old IDs from the database. The redirection mechanism is very similar to the existing system for posts, files, and topics. Richard suggests that we redirect to the site homepage after the password is set. I understand how this is useful, as it gets the user to the most useful page more quickly. However, I wonder if the user would be confused by the redirection, especially as we never do it in any other case. Adding to my concerns, is the standard homepage on an active site is quite busy, and the user may lose the “password has been set” message amongst the noise, leaving the user wondering if the password has been set.
[Michael puts on his best Edwardian School Teacher voice.] I am keeping a log of who has used the new password reset system, and I see that Alice and I are the only people who have tested it. http://groupserver.org/register/request_password.html This is disappointing, as I would like to deploy it on *all* sites in the not-too-distant future ☺ Go on, give it a try! It does not change your password anymore, and at the moment, you can still be logged in and use it!
Richard did it too, you know...
On Thu, 2008-01-17 at 16:13 +1300, Alice Murphy wrote:
> Richard did it too, you know...
Don't let the truth get in the way of a good story ☺
Hey, I tried it too!
Well, at least, I have now.
Looks good. I didn't see any problems.
Tim Erickson
On Thu, 2008-01-17 at 18:18 +1300, Tim Erickson wrote:
> Hey, I tried it too!
I see your reset at around six last night (NZDT). Thanks a lot for
trying out the reset system, Tim. The new registration system relies on
a related mechanism, so it *really* important to get everything working
smoothly.
We have had a shake-down test of the new Set Password page, with almost 600
people using it. About 15% of Microsoft Internet Explorer 6 users have had
problems with the browser locking up when they view the page. All the users who
have issues with the Set Password page have been able to use the page with a
different browser — even if that browser is IE6 from a different machine! These
two facts leads me to suspect that the problem is caused by a particular
setting in Internet Explorer 6, but I am unsure what the setting is. (It is not
setting the security level to “Highest”, as that turns JavaScript off, and
there is no problem.)
For some reason, yesterday I gave feedback about the Reset Password notification in "Joining a Group and Registering an Account Using the Web". http://groupserver.org/r/post/53olV4VpdUCRrOxln195X0 Today, I am revising my own draft. Here's yesterday's. Hi Dan Randow, We received a request at GroupServer.org to reset your password. All you have to do is set a new password. To do this go to the following address. http://groupserver.org/r/password/5iGKy5fCm7D0Eo8fzXhnT5 -- GroupServer.org is powered by OnlineGroups.Net And here's my proposed revision. It moves "at GroupServer.org" to the end of the first sentence, adds ", please" to the third sentence, and changes "go to the following address" to "click the following link". Hi Dan Randow, We received a request to reset your password at GroupServer.org. All you have to do is set a new password. To do this, please click the following link. http://groupserver.org/r/password/5iGKy5fCm7D0Eo8fzXhnT5 -- GroupServer.org is powered by OnlineGroups.Net
I have made the changes to the Reset Password message that you asked for, Dan.