Hi,
Currently the password reset does the following:
- Enter username or email address
- Receive new generated PW at email address
- Log in with new PW
- [because this generated password is not memorable, my users also]
- Visit change password page
- Enter current (temporary) password and new password
This is somewhat cumbersome, and it lets my users reset each other's passwords (?!?). I would prefer something that worked like this:
- Enter username or email address
- Receive link with password reset key at email address
- Visit link and enter new password according to the requirements
This still verifies the email address, doesn't require the middle (temporary) password, and most importantly, doesn't allow users to reset other user's passwords.
Has anyone developed something like this?
Thanks!!