TornDotSpace / Torn-Issues

The official issue tracker for torn.space!
0 stars 0 forks source link

Implement a "forgot my password" feature for lost passwords #15

Closed chrisj1 closed 3 years ago

chrisj1 commented 5 years ago

Currently, users are unable to reset a lost password. We should allow users to change their passwords via email confirmation. We most likely would need to set up the mail server for this. I am curious about how big of an issue this is to users and would like to hear feedback.

2swap commented 5 years ago

Players pretty often give out their passwords publicly and then come complaining to me whenever they inevitably lose their account. This would be handy to automate.

DamienVesper commented 5 years ago

Would be a problem when migrating old accounts to the new one as there would be new information to input. @2swap I would be in favor of another tab on the dock tab called "Settings" that would have a form that allowed you to change display name, email, and password (with a confirmation as well). To confirm changes, password would be required, and as for email changes, new email must be verified before change. Would be similar to Discord's settings tab.

tardisfromtornspace commented 5 years ago

I like your idea @DamienVesper , except with the part of e-mail, this game had success because of not needing e-mails to register (apart from other reasons), since giving an e-mail is both giving part of your privacy and creating a compromise, and people usually create an account when they don't feel that "there's no way back" and sometimes if they don't need to do extra-effort. I've had experience with that since in torn I just needed 1-2 days to feel OK with creating an account (when I discovered that e-mail wasn't needed I logged in immediately), but in games such as flyordie.io (where e-mail is required) I needed 6 MONTHS to feel feel comfortable enough to create an account.

johnnyapol commented 5 years ago

Emails will never be mandatory but there's not a good way to implement a "forgot my password" button without one other than generating backup passwords (which people will lose).

For the record, and this will always be the case, users that know their current password can reset it using /password

johnnyapol commented 3 years ago

Now available on production