Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
3
-
3
-
Description
Background
CWD-3484 underlined a misleading wording that was displayed as password reset message. While it apparently has been fixed for Crowd, it is still an issue in JIRA:
The message that is displayed can be very misleading as it always informs users that an email was sent even though this is not always true. If there are no plans to make the message conditional, it would certainly make sense to at least change the wording of the generic message. Perhaps something like the following would be more appropriate:
"Thank you. If we find an account matching the username you have entered you will receive an email with further instructions and a reset password link. The link will lead to a page where you can choose your new password."
Steps to reproduce
- Go to the log in page and click on Can't access your account?
- Type in any string as user name which is either existing or not
- The following misleading message is displayed:
A reset password link has been sent to you via email.
You can follow that link and select a new password.
If the email does not arrive, please contact your JIRA administrators.
As pointed out in CWD-2457, not revealing whether or not the user exists in the db is a cautious design decision, which is fine.
Suggestion
However, in line with CWD-3484, a more generic wording should be used in JIRA as well:
Thanks! If we recognise that email address, you should receive a link to reset your password via email soon. If you don't receive an email in the next five minutes, check your spam folder or try again with a different email address.
Our additional suggestion:
Please also make sure to not include a leading or trailing whitespace (e.g. by copying and pasting your user name.
Attachments
Issue Links
- relates to
-
CWD-2457 "Forgot Password/Username" form doesn't validate the inputed variable
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Gathering Impact
-
