The Reset Password page is used when a user has forgotten his or her password.
Currently running, as a functional prototype, is the new password reset page
http://groupserver.org/register/request_password.html
Unlike the current system, the prototype does not send out a user-name or
password; instead it sends out a single link. Clicking on the link sends the
user to the Set Password page. By sending the user to this page, I hope that
he or she will get the hint and set a more memorable password ☺
The user can have as many *active* password-reset links as he or she desires.
However, as soon as one link is used, all other links become inactive. This
should maintain usability, and not compromise security too much.
Under the hood, GroupServer stores a unique ID whenever the user fills out the
Reset Password page. One user can fill out the password-reset page as many
times as he or she likes, and an ID is stored each time. The ID is sent to the
user in the email-notification, as part of a link. When the user clicks on this
link, GroupServer looks up the user using the ID, redirects him or her to the
set-password page, and removes all the old IDs from the database. The
redirection mechanism is very similar to the existing system for posts, files,
and topics.
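
The mechanism described above, sketched as an added example (not GroupServer's own code and not part of the original post). The table and function names are hypothetical, and storing only a SHA-256 digest of the ID rather than the ID itself is an assumption added here.

```python
import hashlib
import secrets
import sqlite3

# Hypothetical schema; GroupServer's real tables are not shown in the thread.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE password_reset (id_hash TEXT PRIMARY KEY, user_id TEXT NOT NULL)")


def _digest(reset_id):
    # Assumption added here: keep only a hash, so a leaked table holds no usable links.
    return hashlib.sha256(reset_id.encode("ascii")).hexdigest()


def request_reset(user_id):
    """Store a fresh unguessable ID for the user; the caller emails it as a link."""
    reset_id = secrets.token_urlsafe(16)  # 16 random bytes from the OS CSPRNG
    with db:  # commits on success, rolls back on error
        db.execute("INSERT INTO password_reset VALUES (?, ?)", (_digest(reset_id), user_id))
    return reset_id


def redeem(reset_id):
    """Look up the user for an ID, then remove every ID stored for that user.

    Returns the user id, or None when the ID is unknown or already inactive.
    """
    with db:  # commits the delete on success, rolls back on error
        row = db.execute(
            "SELECT user_id FROM password_reset WHERE id_hash = ?", (_digest(reset_id),)
        ).fetchone()
        if row is None:
            return None
        # Using one link deactivates all of the user's other links as well.
        db.execute("DELETE FROM password_reset WHERE user_id = ?", (row[0],))
    return row[0]


def active_links(user_id):
    """Count the reset IDs currently stored for a user."""
    return db.execute(
        "SELECT COUNT(*) FROM password_reset WHERE user_id = ?", (user_id,)
    ).fetchone()[0]
```

A caller would redirect to the set-password page only when `redeem` returns a user, and show the same generic response for unknown and already-used IDs.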
Richard suggests that we redirect to the site homepage after the password is
set. I understand how this is useful, as it gets the user to the most useful
page more quickly. However, I wonder if the user would be confused by the
redirection, especially as we never do it in any other case. Adding to my
concerns, the standard homepage on an active site is quite busy, and the
user may lose the “password has been set” message amongst the noise, leaving
the user wondering if the password has been set.
[Michael puts on his best Edwardian School Teacher voice.]
I am keeping a log of who has used the new password reset system, and I see
that Alice and I are the only people who have tested it.
http://groupserver.org/register/request_password.html
This is disappointing, as I would like to deploy it on *all* sites in the
not-too-distant future ☺
Go on, give it a try! It does not change your password anymore, and at the
moment, you can still be logged in and use it!
Richard did it too, you know...
On Thu, 2008-01-17 at 16:13 +1300, Alice Murphy wrote:
> Richard did it too, you know...
Don't let the truth get in the way of a good story ☺
Hey, I tried it too!
Well, at least, I have now.
Looks good. I didn't see any problems.
Tim Erickson
On Thu, 2008-01-17 at 18:18 +1300, Tim Erickson wrote:
> Hey, I tried it too!
I see your reset at around six last night (NZDT). Thanks a lot for
trying out the reset system, Tim. The new registration system relies on
a related mechanism, so it is *really* important to get everything working
smoothly.
We have had a shake-down test of the new Set Password page, with almost 600
people using it. About 15% of Microsoft Internet Explorer 6 users have had
problems with the browser locking up when they view the page. All the users who
have issues with the Set Password page have been able to use the page with a
different browser — even if that browser is IE6 from a different machine! These
two facts lead me to suspect that the problem is caused by a particular
setting in Internet Explorer 6, but I am unsure what the setting is. (It is not
setting the security level to “Highest”, as that turns JavaScript off, and
there is no problem.)
For some reason, yesterday I gave feedback about the Reset Password
notification in "Joining a Group and Registering an Account Using the Web".
http://groupserver.org/r/post/53olV4VpdUCRrOxln195X0
Today, I am revising my own draft. Here's yesterday's.
Hi Dan Randow,
We received a request at GroupServer.org to reset your password.
All you have to do is set a new password. To do this go to the
following address.
http://groupserver.org/r/password/5iGKy5fCm7D0Eo8fzXhnT5
--
GroupServer.org is powered by OnlineGroups.Net
And here's my proposed revision. It moves "at GroupServer.org" to the end of
the first sentence, adds ", please" to the third sentence, and changes "go to
the following address" to "click the following link".
Hi Dan Randow,
We received a request to reset your password at GroupServer.org.
All you have to do is set a new password. To do this, please click
the following link.
http://groupserver.org/r/password/5iGKy5fCm7D0Eo8fzXhnT5
--
GroupServer.org is powered by OnlineGroups.Net
I have made the changes to the Reset Password message that you asked for, Dan.