Password Reset process only partially directs the user about a proper password format

Description

Example:

  • User requests a password reset

  • User clicks the link within the password reset email (which then introduces the issue sometimes where the username pre-populates with the incorrect username - different dev item already)

  • User starts to key in new password and is informed if the number of characters has not been met, so for example if that is 7 characters, they type 1234567

  • User is able to proceed forward

  • User is stopped at another screen which once again prompts for their password to be changed, and they receive the "Your new password was not accepted for security reasons. Please enter a password that you haven't used before and is long and complex enough to meet the site's password complexity requirements." HOWEVER, 99.9% of the time on a public site the user will not be privy to what the password complexity requirements actually are, and this leads to a loop and/or support emails/calls.

Can the password reset process be revamped to reduce the number of screens that the user interacts with (to avoid confusion) and can the process be more informative as it relates to password requirements, based on whatever settings have been configured within DNN and the web.config file?
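
One way the single-screen check requested above could look, as an added sketch that is not DNN's own code. PasswordPolicy and its members are hypothetical names standing in for the standard ASP.NET membership settings in web.config, the sample values are constructed, and the "haven't used before" history check is assumed to stay on the server.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical holder for the three standard ASP.NET membership provider settings
// (minRequiredPasswordLength, minRequiredNonalphanumericCharacters,
// passwordStrengthRegularExpression). The values used in Main are constructed samples.
public sealed class PasswordPolicy
{
    public int MinLength { get; set; }
    public int MinNonAlphanumeric { get; set; }
    public string StrengthRegex { get; set; } = "";

    // Text to show beside the password field before the user types anything.
    public IEnumerable<string> Describe()
    {
        yield return $"At least {MinLength} characters";
        if (MinNonAlphanumeric > 0)
            yield return $"At least {MinNonAlphanumeric} non-alphanumeric character(s)";
        if (StrengthRegex.Length > 0)
            yield return "Must match the site's configured strength pattern";
    }

    // Returns every unmet rule at once, so the first screen can reject the password.
    public List<string> Violations(string candidate)
    {
        var unmet = new List<string>();
        candidate = candidate ?? "";
        if (candidate.Length < MinLength)
            unmet.Add($"Too short: {candidate.Length} of {MinLength} characters");
        // Same notion of "non-alphanumeric" as the membership provider: not a letter or digit.
        int symbols = candidate.Count(c => !char.IsLetterOrDigit(c));
        if (symbols < MinNonAlphanumeric)
            unmet.Add($"Needs {MinNonAlphanumeric - symbols} more non-alphanumeric character(s)");
        if (StrengthRegex.Length > 0 && !Regex.IsMatch(candidate, StrengthRegex))
            unmet.Add("Does not match the configured strength pattern");
        return unmet;
    }
}

public static class Demo
{
    public static void Main()
    {
        var policy = new PasswordPolicy { MinLength = 7, MinNonAlphanumeric = 1, StrengthRegex = @"(?=.*[A-Za-z])(?=.*\d)" };
        foreach (var line in policy.Describe()) Console.WriteLine("Requirement: " + line);
        // "1234567" is the ticket's example: long enough, yet rejected on the later screen.
        foreach (var v in policy.Violations("1234567")) Console.WriteLine("Unmet: " + v);
    }
}
```

The server-side membership check remains the authoritative one; this only surfaces the same configured rules to the user before submission.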

QA Test Plan

None

Assignee

Unassigned

Reporter

Todd Boufford

Story Size

Unknown

Severity

Major

Triage

New

Fixed in Build

None

Dev Owner

None

Includes Code Fix

No

Documentation Required

None

Trouble Ticket

None

Requires More Info

None

QA Story Points

None

QA Owner

None

Injected

None

Automation Required

None

Code Review Owner

None

Affects versions

Priority

High