Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40158

Restore forgotten password - not usability friendly if wrong username or email address supplied

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: Authentication, Usability
    • Labels:
    • Affected Branches:
      MOODLE_24_STABLE

      Description

      In the forgot_password screen, the user is given the ability to restore her password by inputting her username or email address.

      However, the system doesn't alert if a wrong username/email was inserted, and therefore a user could wait forever for the reset password email, not knowing that they will never get it because they supplied the wrong username/email.

      This is the message that Moodle gives:

      Could the system alert in case the wrong username/email was supplied? I doubt that it would a raise security issue, since other large systems - such as WordPress, Basecamp - do alert in such cases (see screenshot of WordPress message, and screenshot of Basecamp message)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              leac Lea Cohen
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan, Barbara Ramiro, Bas Brands
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: