Comments on: Forgot your password? http://yardley.ca/2006/10/25/forgot-your-password/ greg yardley on online product management Wed, 04 Jan 2012 05:04:13 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: lola http://yardley.ca/2006/10/25/forgot-your-password/comment-page-1/#comment-939 lola Sat, 02 Jun 2007 21:34:10 +0000 http://yardley.ca/merge/?p=292#comment-939 i forgot my password but i still remmber the secret answer and the email secure but i want my old password i don't want to change it i forgot my password but i still remmber the secret answer and the email secure but i want my old password i don’t want to change it

]]> By: Greg Yardley http://yardley.ca/2006/10/25/forgot-your-password/comment-page-1/#comment-938 Greg Yardley Thu, 26 Oct 2006 16:28:05 +0000 http://yardley.ca/merge/?p=292#comment-938 You know, I think RoR does have some plugins, etc. to let you get this functionality without writing it all yourself. The Login Engine (http://api.rails-engines.org/login_engine/) looks promising, for example. But it is a plugin rather than a part of the basic framework. I'm at the point where if I don't build the stuff myself, I won't understand it, and I'll end up doing something stupid. Ended up backtracking a bit after trying to borrow some code from the RoR forum 'Beast', for example - it didn't save me the time I thought it would, because I didn't know what the hell was going on. On the other hand, I understand my own forum code just fine. :) You know, I think RoR does have some plugins, etc. to let you get this functionality without writing it all yourself. The Login Engine (http://api.rails-engines.org/login_engine/) looks promising, for example. But it is a plugin rather than a part of the basic framework.

I’m at the point where if I don’t build the stuff myself, I won’t understand it, and I’ll end up doing something stupid. Ended up backtracking a bit after trying to borrow some code from the RoR forum ‘Beast’, for example – it didn’t save me the time I thought it would, because I didn’t know what the hell was going on. On the other hand, I understand my own forum code just fine. :)

]]> By: Greg G. http://yardley.ca/2006/10/25/forgot-your-password/comment-page-1/#comment-937 Greg G. Thu, 26 Oct 2006 15:43:55 +0000 http://yardley.ca/merge/?p=292#comment-937 I'm actually doing the same thing right now; I'm taking approach #2 or #3. I guess it depends on how secure and sensitive the information you store is. In our case, it's not that sensitive, and I really don't think there's much of an issue with someone entering an email just to annoy someone. I'm a bit surprised that most web frameworks don't provide this kind of functionality out of the box. You really shouldn't need to build most of this stuff (users/logins/passwords, etc.). I’m actually doing the same thing right now; I’m taking approach #2 or #3. I guess it depends on how secure and sensitive the information you store is. In our case, it’s not that sensitive, and I really don’t think there’s much of an issue with someone entering an email just to annoy someone.

I’m a bit surprised that most web frameworks don’t provide this kind of functionality out of the box. You really shouldn’t need to build most of this stuff (users/logins/passwords, etc.).

]]> By: Anthony Lieuallen http://yardley.ca/2006/10/25/forgot-your-password/comment-page-1/#comment-936 Anthony Lieuallen Thu, 26 Oct 2006 03:55:06 +0000 http://yardley.ca/merge/?p=292#comment-936 Back when I was (re) building this part of the Vaults product, I took a route much like #6. You type in your email, you get a big secret key (assuming, of course, that email matches an account). That mail mentions pretty much nothing besides that key and some simple instructions. The difference is, key in hand, you get a form where you have to provide the username that owns this key (mild authentication: it might be obvious, but this wasn't in the email that contained the key). Only then you get the no-previous-password password change form. My general feelings about the forgotten password mechanisms align with what you put above, which explains why we reached nearly the same solution. Back when I was (re) building this part of the Vaults product, I took a route much like #6.

You type in your email, you get a big secret key (assuming, of course, that email matches an account). That mail mentions pretty much nothing besides that key and some simple instructions.

The difference is, key in hand, you get a form where you have to provide the username that owns this key (mild authentication: it might be obvious, but this wasn’t in the email that contained the key). Only then you get the no-previous-password password change form.

My general feelings about the forgotten password mechanisms align with what you put above, which explains why we reached nearly the same solution.

]]> By: Stan James http://yardley.ca/2006/10/25/forgot-your-password/comment-page-1/#comment-935 Stan James Wed, 25 Oct 2006 19:28:10 +0000 http://yardley.ca/merge/?p=292#comment-935 Every time I got to my online Verizon account I have to go through the "I forgot my password" process. Why? They don't allow the password to be one you've used before, and they have strange rules for passwords that I can never remember. I now have several sites where I use "I forgot my password" process instead of actually trying to remember my password. This disturbs me, but my lazy nature demands that I take the easy way out. Every time I got to my online Verizon account I have to go through the “I forgot my password” process. Why? They don’t allow the password to be one you’ve used before, and they have strange rules for passwords that I can never remember.

I now have several sites where I use “I forgot my password” process instead of actually trying to remember my password. This disturbs me, but my lazy nature demands that I take the easy way out.

]]>