[wp-trac] [WordPress Trac] #14103: Password reset process can be confusing

Sat Jun 26 15:53:29 UTC 2010

#14103: Password reset process can be confusing
-------------------------------+--------------------------------------------
 Reporter:  RanYanivHartstein  |       Owner:                 
     Type:  enhancement        |      Status:  new            
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Users              |     Version:                 
 Severity:  normal             |    Keywords:                 
-------------------------------+--------------------------------------------
 The password reset process can be a bit confusing for users that aren't
 used to reading on screen instructions. This happens in all recent
 versions of WordPress, and can be reproduced by trying to reset a
 password.

 When users go to the lost password page, there is only one field for email
 address and one Submit button, so this is fine.

 Then they get the first email with the confirmation, and this is where it
 gets confusing. The link opens a page that shows a notice and a log in
 form - but doesn't actually show the user their password. Users need to
 read the instructions and only then they know that they should check
 *again* to find their new password.

 However, most users won't read these instructions, for several reasons.

 For one, resetting the password on a WordPress blog is more complicated
 then users are used to from other sites, so they may simply get frustrated
 when they realize they still don't have their password. If they don't
 check their email again soon, they may never notice the second message
 again.

 Also, the confirmation link leads to a log in form. In retrospect, this
 makes sense. The users has the log in form already open, and now all they
 need to do is go back to their email, find the new password, and use it in
 the log in form. However, this only makes sense *in retrospect*.

 If the user doesn't already know how the password reset process works,
 they can either get sidetracked by the log in form and ignore the
 instructions all together (users often skip reading instructions when
 there are simple actions to perform, like filling a log in form or
 clicking a button), or get confused and click on Forgot Password again,
 creating an endless loop.

 There are a few things we can do to make this less confusing.

 The reset process can be less confusing. For e.g., the confirmation link
 can lead to a page where the new password is already displayed, or a form
 for choosing a new password, instead of sending a new password by email.

 The confirmation link can lead to a page without any forms or button. If
 the confirmation links will just lead to a page that said "Check your
 email again, your password's there", it might be less confusing. The
 actual link to the log in page can be included in the final email.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14103>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software