Edgewall Software
Modify

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#12425 closed defect (cantfix)

Password recovery is stupid: should ask for either username or email, not both

Reported by: teo8976@… Owned by:
Priority: normal Milestone:
Component: general Version:
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Jun Omae)

There are two kinds of decent "forgot your password" procedures:

  • those which ask you to enter your email
  • those which let choose whether to enter the username or the email

Asking for both is stupid (as would be asking for the username without the option to use the email instead), as one may have forgotten the username.

It's pathetic that in 2016 we still see sites that ask for both username and email for password reset.

Attachments (0)

Change History (6)

comment:1 by Jun Omae, 8 years ago

Resolution: cantfix
Severity: criticalnormal
Status: newclosed

comment:2 by Jun Omae, 8 years ago

Description: modified (diff)
Summary: Password recovery is stupid: should ask for EITHER username OR email, not bothPassword recovery is stupid: should ask for either username or email, not both

I'm guessing the reason is that multiple users can have same email address in Trac.

comment:3 by anonymous, 8 years ago

Then

  1. entering only the username should be allowed
  2. you should allow to enter only the email and, only if multiple users with that email exist, tell the user so and require him/her to enter the username
Last edited 8 years ago by Jun Omae (previous) (diff)

comment:4 by anonymous, 8 years ago

(this shit removed the newlines from my comment and now it doesn't let me edit it? Fucking ridiculous)

comment:5 by anonymous, 8 years ago

(oh I see why, it's because it didn't require me to register in the first place in order to comment, so I commented as anonymous. Can't believe how shitty this whole thing is)

comment:6 by Jun Omae, 8 years ago

If you think that behavior is a defect, you can create a ticket for ​th:AccountManagerPlugin on trac-hacks.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.