[wp-trac] [WordPress Trac] #5919: Password reset improvements

WordPress Trac wp-trac at lists.automattic.com
Sun Jul 4 13:54:48 UTC 2010


#5919: Password reset improvements
-------------------------+--------------------------------------------------
 Reporter:  pishmishy    |       Owner:  anonymous     
     Type:  enhancement  |      Status:  new           
 Priority:  normal       |   Milestone:  Future Release
Component:  Users        |     Version:  2.0.4         
 Severity:  normal       |    Keywords:  needs-patch   
-------------------------+--------------------------------------------------

Comment(by RanYanivHartstein):

 I created a duplicate of this ticket that got closed, but the comments I
 posted on that ticket might be useful here too.

 This happens in all recent versions of WordPress, and can be reproduced by
 trying to reset a password.

 When users go to the lost password page, there is only one field for email
 address and one Submit button, so this is fine.

 Then they get the first email with the confirmation, and this is where it
 gets confusing. The link opens a page that shows a notice and a log in
 form - but doesn't actually show the user their new password. Users need
 to read the instructions and only then they know that they should check
 their email *again* to find their new password.

 However, most users won't read these instructions, for several reasons.

 For one, resetting the password on a WordPress blog is more complicated
 then users are used to from other sites, so they may simply get frustrated
 when they realize they still don't have their password. If they don't
 check their email again soon, they may never notice the second message.

 Also, the confirmation link leads to a log in form. In retrospect, this
 makes sense. The users has the log in form already open, and now all they
 need to do is go back to their email, find the new password, and use it in
 the log in form. However, this only makes sense *in retrospect*.

 If the user doesn't already know how the password reset process works,
 they can either get sidetracked by the log in form and ignore the
 instructions all together (users often skip reading instructions when
 there are simple actions to perform, like filling a log in form or
 clicking a button), or get confused and click on Forgot Password again,
 creating an endless loop.

 There are a few things we can do to make this less confusing.

 The reset process can be less confusing. For e.g., the confirmation link
 can lead to a page where the new password is already displayed, or a form
 for choosing a new password, instead of sending a new password by email.

 The confirmation link can lead to a page without any forms or buttons. If
 the confirmation links will just lead to a page that said "Check your
 email again, your password's there", it might be less confusing. The
 actual link to the log in page can be included in the final email.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/5919#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list