Closed
Bug 435486
Opened 16 years ago
Closed 16 years ago
Add ability to recover from a forgotten password
Categories
(Cloud Services :: General, defect)
Cloud Services
General
Tracking
(Not tracked)
RESOLVED
FIXED
0.2
People
(Reporter: hello, Assigned: anant)
References
Details
Users who forget their Weave password currently have no choice but to create a new account with a different email. Option 1: We email the user a link which, when clicked, takes the user to a page where they can set a new password. Option 2: We add multi-factor auth and require additional data to verify the user's identity (as an alternative for the email), then let them set a new password. This is useful for people whose email address has changed, and can no longer receive email at the old address. Option 3: We reset the password by changing it, and email the user their new password. If we take this route, we should make sure to do it in such a way that a malicious user can't reset someone else's password (by using a temporary password field and keeping the account password around). Perhaps there are others.
Comment 1•16 years ago
|
||
let's go with option 1 for now. it will only be available to users who have specified and have a verified email address. we're strongly recommend that users provide and validate an email address during sign up, but for now, will not allow them to add one if they did not.
Assignee | ||
Comment 3•16 years ago
|
||
Pushed to https://sm-labs01.mozilla.org:81/client/forgot.php Emails a link to the address on-file, which when clicked will reset the user's password to a temporary one (the user is then encouraged to change it as soon as possible - using one the clients of the changePassword API).
Assignee | ||
Comment 4•16 years ago
|
||
Few more changes to make the process a little easier: The link in the email now points to a page with a form asking the user to select a new password. When the form is submitted, the password is changed.
Comment 5•16 years ago
|
||
awesome!
Reporter | ||
Comment 6•16 years ago
|
||
Marking as fixed (in the 0.2 server).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 7•16 years ago
|
||
The link to https://sm-labs01.mozilla.org:81/client/forgot.php is dead! I got there from the new 0.2 client when I (mistakenly) clicked on "Forgot Password". Should this be filed as a new bug?
Reporter | ||
Comment 8•16 years ago
|
||
Looks like someone filed a new bug for it: bug 443352.
Updated•15 years ago
|
Component: Weave → General
Product: Mozilla Labs → Weave
Updated•15 years ago
|
QA Contact: weave → general
You need to log in
before you can comment on or make changes to this bug.
Description
•