fp7-ofelia / ocf

OFELIA Control Framework (OCF) is a set of software tools for testbed management.
http://fp7-ofelia.github.com/ocf/

Reset password procedure is unclear #192

Closed CarolinaFernandez closed 10 years ago

CarolinaFernandez commented 10 years ago

Though the reset works, it confuses users.

In order to reset the password, one currently follows this workflow:

  1. Access the island
  2. Click on Reset it! and write the e-mail bound to the account
  3. Receive N e-mails, depending on how many user accounts are linked to the e-mail used. E.g.:

    • 1st (user from central LDAP):

      Reset password at OFELIA CF Clearinghouse:
      
      https://register.fp7-ofelia.eu/password_reset/forgotten
    • 2nd (user from local LDAP; only in our island):

      Reset password at OFELIA CF Clearinghouse:
      
      https://<island_url>/accounts/password/reset/confirm/<token>/
  4. Access the URLs, fill the new password and "a challenge" and press the button
  5. Receive an e-mail such as:

    The password for your account <account> has been reset.
    You new password is: <generated_password> and the challenge you specified in the web form.
    
    To login please assemble your password by concatenating the password above and the random chars.
    Example:
    Random chars: 123
    Password of mail: XYZ
    => Password to login: XYZ123
    
    You can change your password after logging in.
    
    Best regards
    Your OFELIA Team

The challenge at step 4 is not clear, and one might think it was some data entered at the registration time --> either explain it or remove it. Also, the e-mail from step 5 is not clear - talking about "random chars" when it was previously called "challenge".

I personally think this adds unnecessary complexity, and the challenge could be removed, thus only sending the generated password and encouraging the user to change it after log-in.