Idea: No 0's and O's in reset passwords

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
freejoe76
Registered User
Posts: 3
Joined: Thu Feb 07, 2008 5:57 pm
Location: Denver, Colorado
Contact:

Idea: No 0's and O's in reset passwords

Post by freejoe76 »

Hi,

A frequent area of confusion with computer-generated passwords occurs when capital O's and 0's are allowed -- thought I'd throw this out there as a piece on the password-reset functionality worth getting rid of.

-Joe
Senior Developer, The Denver Post
phpbb3 board: http://neighbors.denverpost.com/forums.php
phpbb3-generated most-commented lists: http://www.denverpost.com/commented

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Idea: No 0's and O's in reset passwords

Post by ElbertF »

I don't even see why generated passwords are needed, why not let people choose a new password and activate that one through e-mail? You won't need to go to the UCP and change it again, or have trouble reading it.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: Idea: No 0's and O's in reset passwords

Post by naderman »

You could only do that on the activation site, otherwise people might click the activation link without properly reading the email and then the person who sent the false password reminder knows the valid password and the actual user doesn't.

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Idea: No 0's and O's in reset passwords

Post by ElbertF »

Valid point (although you could/would send the password itself along with the e-mail), but how about sending them an activation e-mail without a password and let them to choose a new one directly after they click the link?

User avatar
Kellanved
Former Team Member
Posts: 407
Joined: Sun Jul 30, 2006 4:59 pm
Location: Berlin

Re: Idea: No 0's and O's in reset passwords

Post by Kellanved »

That would be technically identical to the current approach: user gets new password, which allows changing the password in the UCP. Why add complicated workflows that are essentially to the status quo? As to it being complicated - cut&paste?
No support via PM.
Trust me, I'm a doctor.

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Idea: No 0's and O's in reset passwords

Post by ElbertF »

  1. Request -> send e-mail (generate password) -> copy password -> activate -> login (paste password) -> UCP -> Profile -> Edit Account Settings -> choose new password (confirm) -> confirm current password (paste).

    Or:
  2. Request -> send e-mail -> choose password (activate) -> login.
It's not a big deal for me (I have been wondering about it), but slightly less advanced users don't copy/paste and find the option in the UCP so quickly.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: Idea: No 0's and O's in reset passwords

Post by naderman »

Yeah I agree it would be easier if the user can choose a password after clicking the activation link.

Post Reply