BG:Forgotten password - use email address

From its-wiki.no
Jump to: navigation, search
Title Forgotten password - use email address
Type change request
Severity 1-urgent
Keywords login, password, new user
Date (expected, solved,...) 2012/04/12
Expected Version "v2.51" is not in the list of possible values (v0.8, v0.9, v1.0, v1.1, v1.2, v1.5, v2.0, v2.1, v2.2, v2.3, v2.4, v2.5, v2.6, v2.7, v2.8, v2.9, v3.0, v3.1, v3.2, v3.3, v3.5, v4.0, v4.1) for this property.
Depiction
Status Solved
Summary (1-2 lines): Use only email address for reset of password
Test Procedure: test using:
  • email address which is in the InnoBors - "message: new password is sent to your email address"
  • email address is not in the InnoBors - "message: this user is not found in the database"
News:

this page was created by Special:FormEdit/BugReport, and can be edited by Special:FormEdit/BugReport/BG:Forgotten password - use email address. See all change requests/bug reports at BugReport or, sorted after version number in Movation:Innobors_Version.

Use only the email address for the rest of the password

LostPassword-Innobors.png

Discussion

Q
If i use only email for resetting password, there is a possibility to reset multiple user accounts. This is because, one user can have multiple account with same email address. In that case, his/her both account password will be reseted.
A
Correct, my suggestion is to have "only one user" per email address. That means, a user is identified through his email address. - AND (later on), the user may add several email addresses... (at the end: josef.noll@movation.no, LinkedIN: Josef, josefnoll@gmail.com, josef@jnoll.net...) are all the same users
  • Is it a big deal to implement (i) one user, identified through email address and (ii) multiple email addresses for users?



Note

  • Please use "variables" to indicate the messages. These "variables" should be used to allow in the future "language files" to define the message according to the selected language.
  • Make sure that the "return" email (on forgotten password) contains the user name, as josef.noll@movation.no might have forgotten his username :-)