Closed Bug 435486 Opened 16 years ago Closed 16 years ago

Add ability to recover from a forgotten password

Categories

(Cloud Services :: General, defect)

Product:
Cloud Services
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hello, Assigned: anant)

References

Details

Users who forget their Weave password currently have no choice but to create a new account with a different email.

Option 1: We email the user a link which, when clicked, takes the user to a page where they can set a new password.

Option 2: We add multi-factor auth and require additional data to verify the user's identity (as an alternative for the email), then let them set a new password.  This is useful for people whose email address has changed, and can no longer receive email at the old address.

Option 3: We reset the password by changing it, and email the user their new password.  If we take this route, we should make sure to do it in such a way that a malicious user can't reset someone else's password (by using a temporary password field and keeping the account password around).

Perhaps there are others.
Blocks: 433979
Target Milestone: -- → 0.2
let's go with option 1 for now.  it will only be available to users who have specified and have a verified email address.  we're strongly recommend that users provide and validate an email address during sign up, but for now, will not allow them to add one if they did not.
I'll finish this one up
Assignee: nobody → anarayanan
Pushed to https://sm-labs01.mozilla.org:81/client/forgot.php

Emails a link to the address on-file, which when clicked will reset the user's password to a temporary one (the user is then encouraged to change it as soon as possible - using one the clients of the changePassword API).
Few more changes to make the process a little easier:

The link in the email now points to a page with a form asking the user to select a new password. When the form is submitted, the password is changed.
awesome!
Marking as fixed (in the 0.2 server).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
The link to https://sm-labs01.mozilla.org:81/client/forgot.php is dead!
I got there from the new 0.2 client when I (mistakenly) clicked on "Forgot Password".
Should this be filed as a new bug?
Looks like someone filed a new bug for it: bug 443352.
Component: Weave → General
Product: Mozilla Labs → Weave
QA Contact: weave → general
You need to log in before you can comment on or make changes to this bug.