Automattic / wp-calypso

The JavaScript and API powered WordPress.com
https://developer.wordpress.com
GNU General Public License v2.0

[Bug]: Password-less account is described as having a password set #62978

Open guarani opened 2 years ago

guarani commented 2 years ago

Quick summary

After logging into WordPress.com with an account that has no password set, under profile photo → Security, it says "You have a password configured...". This seems inaccurate since the user hasn't yet set a password.

Steps to reproduce

  1. Start at https://wordpress.com/log-in
  2. Enter the email address of a WP.com account that was created without a password (e.g. via the WordPress Mobile apps)
  3. Click on the sign-in link in the email
  4. Click "Continue to WordPress.com" in the browser
  5. Click on the account profile photo
  6. Click on Security
  7. Notice the "Password" item in the security checklist is green
  8. Notice the message: You have a password configured, but can change it at any time.

What you expected to happen

I expected WP.com to acknowledge that the account doesn't yet have a password.

What actually happened

WP.com did not acknowledge that the account doesn't yet have a password.

Context

Exploratory testing

Browser

Mozilla Firefox

Simple/Atomic

Simple

Other notes

No response

Reproducibility

Consistent

Severity

Some (< 50%)

Available workarounds?

Yes, easy to implement

Workaround details

Even though WP.com incorrectly states that a password was set, a password can still be set by "changing" the password.

john-legg commented 1 year ago

📌 REPRODUCTION RESULTS

Tested on Simple – Replicated
Tested on Atomic – Replicated
Replicable outside of Dotcom – No (not applicable?)

📌 FINDINGS/SCREENSHOTS/VIDEO

After creating a passwordless account using the mobile app sign up flow, I was able to see the "you have a password configured" message under me/security. Although it probably wasn't necessary, I created a simple and atomic site with the passwordless account and was able to see the same issue.

Passwordless

I don't believe this would be applicable on self-hosted since this is WPCOM account-specific, but please let me know if there's a way to do that.

📌 ACTIONS

Assigned to MarTech column (@Automattic/martech) since it's kind of signup-related. Please reassign if this is incorrect!