Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+4 votes
1.1k views
in Q2A Core by

Just had two different users (about 50+ years old) who were not able to create new passwords for their accounts.

I tried it myself to understand at which 'position' their problem was.

1. /forgot works fine at first: Enter email + Anti-spam and click "Send Reset PW Email"

2. Email contains a link and the code (first confusing for user: "Should I take the link or the code?"

3. Clicks link (e.g. reset?c=eaczs74j&e=mail%40me.com): User sees page with prefilled email and prefilled code

4. There on the page, user clicks "Create new password"

5. Gets message frontend about a new mail --> And I think here is the problem, one of the users told me "Why have I got a second email?!"

  
 

Suggestion:

A - Can't we show the new password frontend? OR:

B - With the generated code link, we could already present a field to "set your new password"

Q2A version: 1.7.4
by
After reading your question, I just tried the forgot password procedure. And I think you are right, first email should only have a link to the page. Where we can actually change the password instead of getting a whole new password in another email. After all if we are able to get that email at the first time then we are the real user, so sending a second password in another email is not that good.
by
Thanks for pointing the issue. I mentioned this problem before as well. It would be a good idea to change the procedure.

http://www.question2answer.org/qa/54022/q2a-forget-pass-process-is-too-complicated-for-users
by
SEP 2017: And again and again I get emails from users who DO NOT understand how the thing works...
by
@q2apro.com In v1.8 there is a simple and new password reset process, check that.

1 Answer

+1 vote
by
edited by

FORMER:

1. after submit, it REDIRECTs TO /reset?e=test

Message:
<tr>
<td colspan="1" class="qa-form-tall-ok">
    Please check email 
</td>
</tr>

MUST STOP HERE, not again showing the INPUT fields.

2. REMOVE from Email:
Alternatively, enter the code below into the field provided.\n\nCode: ^code

3. User clicks link from email: /reset?c=zjt8r3xq&e=test%40kyga.de

Shows again:

    Username or email: EMAIL SHOWN
    Code: CODE SHOWN

    You have been emailed your reset code - send another.

MUST BE AUTOMATIC forwarded. 


4. Showing: 

"Your new password was emailed to you"

And again the form to enter the data. STOP shownig the form.

NEW:

1. Forgot password, enter username or email

2. Mail goes to user, front end shows: check your email

3. User clicks link in email, comes to reset page, data (code and email/handle) gets submitted by JS automatically

4. User gets the 2nd email that contains his new password, frontend shows: "password was sent to you", and the input fields, cursor in password field blinking

5. User checks his email, copies the password, done. 

Not perfect, but better than before!

Changes on Gihub:

https://github.com/q2a/question2answer/pull/455/commits 

...