User requests a password reset
User clicks the link within the password reset email (which then introduces the issue sometimes where the username pre-populates with the incorrect username - different dev item already)
User starts to key in new password and is informed if the number of characters has not been met, so for example if that is 7 characters, they type 1234567
User is able to proceed forward
User is stopped at another screen which once again prompts for their password to be changed, and they receive the "Your new password was not accepted for security reasons. Please enter a password that you haven't used before and is long and complex enough to meet the site's password complexity requirements." HOWEVER, 99.9% of the time on a public site the user will not be privy to watch the password complexity requirements actually are, and this leads to a loop and/or support emails/calls
Can the password reset process be revamped to reduce the number of screens that the user interacts with (to avoid confusion) and can the process be more informative as it relates to password requirements, based on whatever settings have been configured within DNN and the web.config file?