Not a bug After user changed password user is prompted to change password again

[stb-squad]

Affected version

2.1

Hello Team,

We force users to change their password on regular basis. For most users this is not a problem. Although some users get confused when after successful password change they see a screen with some password requirements, like minimal password length, number of special characters, upper/lowercase characters.

Problem: So users think changing the password went wrong. And they start to change their password a second time which fails, because they don't use the new password but the old, already changed, password.

How could this be avoided? Can I after successful password change route users to another page? Or show a popup or message indicating password change was successful?

Thanks
stb-squad

 

[Chris D]

Not really seeing the bug here.

The user is shown a message when the change is successful, at least in the current XF 2.2 version; you mention 2.1 I can't recall if this is a recent change we made.

Furthermore they are sent an email confirming their password has changed.

My advice? Don't force users to change their passwords, and even more so don't force stringent password policies on your users. Two-step verification is a much better way to ensure your user's accounts are secure.

 

[stb-squad]

Hi Chris,

Thank you for the advice. We will make plans to upgrade to version XF2.2 and check if this solves the problem for our users.

stb-squad