Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40158

Restore forgotten password - not usability friendly if wrong username or email address supplied

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • 2.4
    • Authentication, Usability
    • MOODLE_24_STABLE

      In the forgot_password screen, the user is given the ability to restore her password by inputting her username or email address.

      However, the system doesn't alert if a wrong username/email was inserted, and therefore a user could wait forever for the reset password email, not knowing that they will never get it because they supplied the wrong username/email.

      This is the message that Moodle gives:

      Could the system alert in case the wrong username/email was supplied? I doubt that it would a raise security issue, since other large systems - such as WordPress, Basecamp - do alert in such cases (see screenshot of WordPress message, and screenshot of Basecamp message)

            skodak Petr Skoda
            leac Lea Cohen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.