Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-4779

Users should be alerted that the password reset token is invalid after a failed password reset attempt.

    XMLWordPrintable

Details

    • 2

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Problem Definition

      If the Crowd directory is configured to disallow repeated/old passwords on password change, the reset attempt will be rejected if the user attempts to input a repeated/old password.

      The problem is that after the user attempts to key in a new password afterward the rejected attempt, it will display an error message saying that the password token is now invalid and the user will be required to request for a new token.

      Suggested Solution

      Either one of the following:

      1. After the initial password reset attempt is rejected, the user should be notified that the password reset token is now invalid and be prompted to create a new one instead immediately.
      2. Allow the user to continue with the password reset attempt and reset their password to an accepted one.

      Attachments

        Activity

          People

            Unassigned Unassigned
            lsaw@atlassian.com Leon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: