• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.
ResetPassword allows users to let their password reset in case they have forgotten their password.

Note: you must have at least one valid registered e-mail to be able to reset your password. If none of your registered e-mail addresses is valid, and you have forgotten your password, contact webmaster@exampleNOSPAM.com.

  • Where are multiple e-mail adresses stored?
  • It would be much friendlier if the e-mail adress is shown here. Otherwise the user has to check elsewhere if the email address is correct. And s/he will be never sure if the e-mail address on the user page is used or perhaps a different one.

Anyone can use this page to reset the password of someone else. It would be better if

  1. the user with the given LoginName was sent an e-mail
  2. the user clicks on the link in the e-mail
  3. the user lands on a feedback page stating that the password has been reset

Also all related links on the page should be made less distracting.


E-mail addresses are not shown precisely because of the security implications of showing them.

Multiple email addresses are stored as a list. As the prompt says on ChangeEmailAddress: "New e-mails (space-separated list):"

When a user visits that page, they are shown their registered Email addresses.

Yes, anyone can reset anyone else's password; of course they can. How else is someone who has forgotten their password supposed to request a password reset? The user with the given LoginName is sent an email, with the new password. Further complicating the reset process (requiring a second verification step) is IMHO unnecessary.

I can agree with the idea that related links should be improved. But it's Low priority.


How else is someone who has forgotten their password supposed to request a password reset? Like step 1-3 above. This is not further complicating, but normal process flow.


this appears to be how it works now...

Dear New User

Login name "NewUser"
Your password has been changed to "8920941650". 

Please visit http://t42p/cgi-bin/TWiki4/bin/view/TWiki/ChangePassword?username=NewUser to change your password to something more memorable for you.

If you have any questions, please contact 0.


-- SvenDowideit - 02 Jun 2007

Summary ResetPassword usability
ReportedBy TWiki:Main.ArthurClemens

SVN Range Sat, 25 Mar 2006 build 9517
AppliesTo Engine

Priority Low
CurrentState Closed


TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r7 - 2008-01-22 - KennethLavrsen
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback