
Default XenForo Password Recovery Behavior

Discussion in 'General XenForo Discussion and Feedback' started by Joe Link, Jan 20, 2015.

  1. Joe Link, Well-Known Member

    My member demographic is quite old and not very tech savvy, so I try to make my sites very easy to use. One of the issues that comes up quite often is the default password reset behavior.

    Default Password Reset
    1. User enters username or email in lost password form.
    2. User emailed password reset email.
    3. User clicks password reset link in email.
    4. User emailed new password.
    5. User logs in with username and password.
    6. User enters temporary password, then new password twice.

    I'd like to know if it's a lack of understanding on my part, but this seems overly complex to me. Many modern websites, such as Twitter, make it much easier.

    1. User enters username or email in lost password form.
    2. User emailed password reset email.
    3. User clicks password reset link in email.
    4. User taken to screen to enter new password twice.

    I see this add-on here (@Jon W) and it seems to do this. My main question is, why isn't this the default behavior? Is it inferior or less secure in some way?
     
    feldon30 and batpool52! like this.
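
The shorter flow listed in the post above (reset link leading straight to a new-password form), as an added example that is not part of the original thread and is not XenForo's or the add-on's code. The class name, schema, one-hour lifetime and PBKDF2 work factor are assumptions chosen for illustration; it shows the properties that keep the emailed link safe: a random token, stored only as a hash, expiring and single-use.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600        # assumption: emailed link is valid for one hour
PBKDF2_ROUNDS = 600_000  # assumption: work factor for the stored password hash


class ResetStore:
    """In-memory stand-in for a reset-token table (hypothetical schema)."""

    def __init__(self):
        self._pending = {}         # user_id -> (sha256 hex of token, expires_at)
        self.password_hashes = {}  # user_id -> (salt, derived key)

    def request_reset(self, user_id, now=None):
        """Steps 1-2: make a random token; store only its hash, email the raw token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[user_id] = (digest, now + TOKEN_TTL)
        return token  # would be embedded in the emailed link

    def _token_ok(self, user_id, token, now):
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expires_at = entry
        presented = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison, and the link must not have expired.
        return hmac.compare_digest(digest, presented) and now <= expires_at

    def complete_reset(self, user_id, token, new_pw, confirm_pw, now=None):
        """Steps 3-4: link clicked, new password entered twice."""
        now = time.time() if now is None else now
        if not self._token_ok(user_id, token, now):
            return "invalid_or_expired"
        if new_pw != confirm_pw:
            return "mismatch"  # token stays usable so the user can retype
        del self._pending[user_id]  # single use: a replayed link is rejected
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", new_pw.encode(), salt, PBKDF2_ROUNDS)
        self.password_hashes[user_id] = (salt, key)
        return "ok"
```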
