Password Reset Flow
To reset a password, the user is given a link. This link can be on a
portal, on the login page, or wherever is preferable.
The first screen that is presented is shown below. On this screen the
user enters their username and chooses how they want the process to go, by
choosing Email or Mobile.
If the username is not found, or the user does not have the
particular recovery method available to them, an error will be given. This can
happen if the user selects Mobile and the system does not have any record of a
Mobile number for the user. The same applies for Email. For security reasons the
actual reason for the failure is not given.
Otherwise we move on to the next screen.
Reaching this screen means that a message
has been sent to the user’s email or mobile.
Mobile:
Email:
The user will then enter the code that was sent to them into
the field and continue.
From there the user will be able to reset their password.
This is the point where password complexity rules will be applied.
Once the new password is entered and “Change Password” is
pressed, the password change is made and the user is able to use that
password for future logins.
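
The first two steps of this flow as an added Python example (not the product's own code): the recovery request returns one generic error whether the username is unknown or the chosen method has no record, and the code sent by email or mobile is checked in constant time. The function names, the sample users, the six-digit code length and the single-use behaviour are assumptions.

```python
import hmac
import secrets

# Constructed sample directory (assumption: not the product's data model).
USERS = {
    "alice": {"email": "alice@example.com", "mobile": "+15550100"},
    "bob": {"email": "bob@example.com", "mobile": None},  # no mobile on record
}
GENERIC_ERROR = "Unable to start password recovery with the details provided."
PENDING = {}  # username -> code awaiting verification
OUTBOX = []   # stands in for the email/SMS gateway


def start_reset(username, method):
    """Screen 1: username plus Email or Mobile. Every failure looks the same."""
    user = USERS.get(username)
    # Only the two recovery fields may be looked up, never arbitrary keys.
    allowed = user is not None and method in ("email", "mobile")
    destination = user.get(method) if allowed else None
    if not destination:
        # Unknown user and missing recovery method are indistinguishable.
        return {"ok": False, "error": GENERIC_ERROR}
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; length is an assumption
    PENDING[username] = code
    OUTBOX.append((method, destination, code))
    return {"ok": True}


def verify_code(username, submitted):
    """Screen 2: constant-time comparison; a code is accepted once only."""
    expected = PENDING.get(username)
    if expected is None:
        return False
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    del PENDING[username]  # single use (assumption, not stated on the page)
    return True
```
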