Scenario: visitor arrives at TinyUI using password reset URI
Given password reset URI references an Account which has requested it
And the reset URI has not expired
Then visitor is invited to input a new password
And Given the new password passes complexity tests
And the new password has not been used previously
Then the new password is hashed and the hash is saved into the Account with the "authentication-identity"
And the user proceeds to "normal login" state
Scenario: visitor arrives at TinyUI using password reset URI Given password reset URI references an Account which has requested it And the reset URI has not expired Then visitor is invited to input a new password And Given the new password passes complexity tests And the new password has not been used previously Then the new password is hashed and the hash is saved into the Account with the "authentication-identity" And the user proceeds to "normal login" state