Hi,
A frequent area of confusion with computer-generated passwords occurs when capital O's and 0's are allowed -- thought I'd throw this out there as a piece on the password-reset functionality worth getting rid of.
-Joe
Idea: No 0's and O's in reset passwords
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
-
- Registered User
- Posts: 3
- Joined: Thu Feb 07, 2008 5:57 pm
- Location: Denver, Colorado
- Contact:
Idea: No 0's and O's in reset passwords
Senior Developer, The Denver Post
phpbb3 board: http://neighbors.denverpost.com/forums.php
phpbb3-generated most-commented lists: http://www.denverpost.com/commented
phpbb3 board: http://neighbors.denverpost.com/forums.php
phpbb3-generated most-commented lists: http://www.denverpost.com/commented
Re: Idea: No 0's and O's in reset passwords
I don't even see why generated passwords are needed, why not let people choose a new password and activate that one through e-mail? You won't need to go to the UCP and change it again, or have trouble reading it.
Re: Idea: No 0's and O's in reset passwords
You could only do that on the activation site, otherwise people might click the activation link without properly reading the email and then the person who sent the false password reminder knows the valid password and the actual user doesn't.
Re: Idea: No 0's and O's in reset passwords
Valid point (although you could/would send the password itself along with the e-mail), but how about sending them an activation e-mail without a password and let them to choose a new one directly after they click the link?
Re: Idea: No 0's and O's in reset passwords
That would be technically identical to the current approach: user gets new password, which allows changing the password in the UCP. Why add complicated workflows that are essentially to the status quo? As to it being complicated - cut&paste?
No support via PM.
Trust me, I'm a doctor.
Trust me, I'm a doctor.
Re: Idea: No 0's and O's in reset passwords
- Request -> send e-mail (generate password) -> copy password -> activate -> login (paste password) -> UCP -> Profile -> Edit Account Settings -> choose new password (confirm) -> confirm current password (paste).
Or: - Request -> send e-mail -> choose password (activate) -> login.
Re: Idea: No 0's and O's in reset passwords
Yeah I agree it would be easier if the user can choose a password after clicking the activation link.