[feature-proposal] Forgot password improvements

Caio Tiago Oliveira caiotiago at colivre.coop.br
Wed Nov 6 14:17:12 BRST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/05/2013 10:44 PM, Ewout ter Haar wrote:
> On Tue, Nov 5, 2013 at 11:37 PM, Caio Tiago Oliveira 
> <caiotiago at colivre.coop.br> wrote:
> 
>>> So don't use User.first
>> 
>> If the intersection is not empty (the sets aren't disjoint), the
>> only way to avoid sending multiple emails in case of conflicts is
>> to ask for the combination of field and value.
> 
> We can safely assume the intersection is not empty. We have
> various people using their USP number as login.

But in this case we shouldn't bother, since there would be only one user.

> Why do want so desperately to avoid send multiple emails?

Would you like to receive emails for password reset when you hadn't
asked for one?
Don't you think someone could take this as some kind of attempt to
take over his account?

> I return to my original question: would this inconvenience be worth
> the usability gain? I say yes.

In my humble life I haven't ever seen one page for recovery
instructions where you could use a non disjoint set of options to
recover the password. You may point to one.
A few will let you enter the login or email on the same field (which
are disjoint), most will have different fields, one for "forgot
password", another one for "forgot login". A few will require a CPF
(only local business) or some special question, as an added measure to
*avoid* sending password reset instructions.

I wouldn't say it is intuitive to the average user to put anything in
a field, or one of the listed fields above, since he is neither used
to do it in other places or it is natural.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSemuIAAoJEMzgGcmGlt4BCMsQALtuvbE9L2LbPdrIn4U/3AQ6
VOwZxkiUz98MBHkQk7w1srJQy1OK4bVwmwaiugmreTOmmqzxLMlY9xwKKyxMVSGh
rydobxBJC5OtjhnSKHvcAvC2gzYSxWmzZf2IfG1Rkvj/Jl86bc0yekjXnkiNVhHf
TjsZqi0qE0tCl6MkFcqc2z+NPglg6AECNHruhbQOhJSg6I1uxA8uP5DfO+EdwSha
nx/+GGm8xKugoMQwYT2x+mQeDfybG5l1H6GiW/0iT6tnz3IunVximNNoxKYenhDE
0LS3Uo3NcsObNNxbJgvoXtFu1qfbUnJYdPxGBRBYyWfnKfzdzg0wQC7ZXH3YPoaC
vRNAF5bBun8kjWHzREHgQotqlFwpEc29Ad3d4hIS2dwWQU4YGelZ0LQRZ4zj73zq
3VJrUxcBx3HPD0z3agxm5MTms4wIJAQJJ52O9f+9mv49XP965cvU7GQkmy+49qy0
1LAAop+DntEYOepLB3W0wWWg73o4Ww7tBFNeZbwBdIy+aR0i4v/pOtaEd4eHbXI3
DGaiMNUDzo2kSSAsIsU2GzZBt74aBnbGZuc4vXmFheMeosaTleyR4PFqNn6h4qaF
IwWZTN34hrgn2I9qHv4+vQIkBL46J8YUJgJPqfSlKmEsxc8A8ep+LH9bo87pI8Ys
cjE2WK4dQlg47l4BqssV
=S5N6
-----END PGP SIGNATURE-----

More information about the Noosfero-dev mailing list