Tuesday 8 December 2015

Password Reset Flow



To reset a password, the user is given a link. This can be on a portal, on the login page, or whatever method is preferable.
On the first screen that is presented, the user enters their username and chooses how they want the process to go, by choosing Email or Mobile.



If the username is not found, or the user does not have the particular recovery method available to them, an error will be given. This can happen if the user selects Mobile and the system does not have any record of a mobile number for the user. The same applies for email. For security reasons the actual reason for failure is not given.


Otherwise we move on to the next screen.


Reaching this screen means a message has been sent to the user’s email or mobile.
Mobile:

Email:





The user will then enter the code that was sent to them into the field and continue.

From there the user will be able to reset their password. This is the point where password complexity rules will be applied.






Once the new password is entered and the “Change Password” button is pressed, the password change is made and the user is able to use that password for future logins.
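
The request and code-entry steps described above, sketched as an added example (not code from the system this post describes). It shows the same generic error for an unknown username and for a missing recovery method, and a code that expires, is attempt-limited and is single-use. The function names, the six-digit code, the 10-minute expiry and the five-attempt limit are assumptions, and the user records are constructed.

```python
import hashlib
import hmac
import secrets
import time

GENERIC_ERROR = "Unable to start password reset."  # same text for every failure
CODE_TTL = 600      # assumed: code valid for 10 minutes
MAX_ATTEMPTS = 5    # assumed: wrong guesses allowed per code

# Constructed sample directory: bob has no mobile number on record.
USERS = {
    "alice": {"email": "alice@example.test", "mobile": "+15550100"},
    "bob": {"email": "bob@example.test", "mobile": None},
}
PENDING = {}  # username -> {"hash", "expires", "attempts"}


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def start_reset(username, method, send, now=None):
    """Return (ok, message). Every failure yields the same generic message."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    address = user.get(method) if user and method in ("email", "mobile") else None
    if not address:
        return False, GENERIC_ERROR  # unknown user and missing method look alike
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
    PENDING[username] = {"hash": _digest(code), "expires": now + CODE_TTL, "attempts": 0}
    send(address, code)
    return True, "A code has been sent."


def verify_code(username, code, now=None):
    """Check the submitted code: expiring, attempt-limited and single-use."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None or now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        PENDING.pop(username, None)
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["hash"], _digest(code)):
        del PENDING[username]  # a code can be redeemed only once
        return True
    return False
```

Only after verify_code returns True would the password form be shown, which is where the complexity rules are applied.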