It works, and let's make it better

Currently, we’re working on a site. I will tell you what site it is. This time, I want to share our ideas about how we build it. It comes with membership features. You know… registration, login and password reminder. The current site — we are actually redeveloping the current site — already has a password reminder feature, and it works fine.
BUT, we think that the process can — and should — be improved. Here is the scenario (from the current site) for the password reminder:

  • A user fills in the email field with his/her account’s email address.
  • The system generates a random new password.
  • The user can log in with the new password.

It works. But, there are some other situations:

  • Other people can see other members’ profiles.
  • On the profile page, the email address is revealed (readable).

So, other members can easily bug each other. Of course, only when they want to. The point is: it can be done. If someone puts in another member’s email address, he/she can reset that member’s password. “Hey, someone changed my password without my permission. I need to change it again now…”

We think that this can be improved. So, we changed the process. Not only because many services also use this, but because we believe that it’s better.

  • A user fills in the email field with his/her account’s email address.
  • The system generates a confirmation code and sends it to the user’s email address. A confirmation link is provided. If he/she wants to change the password, they can follow the link. Otherwise, they can ignore it.
  • Once the password reminder request is confirmed, a randomly generated password will be delivered.
  • The user can log in with the new password and change it to a more memorable one.

That’s an idea.
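A minimal implementation of the two-step flow above, added here as an example and not code from the site itself. The in-memory user store, the `send_mail` transport, the `example.invalid` link, the 30-minute expiry and the 16-character temporary password are assumptions; the point it shows is that nothing about the account changes until the link from the mailbox is used, and that a confirmation code is random, single-use and expiring.

```python
import hashlib
import secrets
import string
import time

TOKEN_TTL_SECONDS = 30 * 60  # assumed policy: confirmation link is valid for 30 minutes


class PasswordReminder:
    """Two-step password reminder: request -> confirm -> new password delivered."""

    def __init__(self, users, send_mail, now=time.time):
        self.users = users          # hypothetical store: {email: {"password": str}}
        self.send_mail = send_mail  # hypothetical transport: callable(to_address, body)
        self.now = now              # injectable clock so expiry can be tested
        self.pending = {}           # sha256(code) -> (email, expires_at); only the hash is kept

    def request(self, email):
        # Same reply whether or not the address is registered, so the form
        # does not reveal which addresses have an account.
        if email in self.users:
            code = secrets.token_urlsafe(32)  # unguessable confirmation code
            digest = hashlib.sha256(code.encode()).hexdigest()
            self.pending[digest] = (email, self.now() + TOKEN_TTL_SECONDS)
            link = f"https://example.invalid/reset/confirm?code={code}"
            self.send_mail(email, f"Confirm your password reset: {link}")
        # Note: the current password is untouched at this point.
        return "If the address is registered, a confirmation link has been sent."

    def confirm(self, code):
        digest = hashlib.sha256(code.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use: removed on any attempt
        if entry is None:
            return False
        email, expires_at = entry
        if self.now() > expires_at:
            return False  # stale link; the user has to request again
        alphabet = string.ascii_letters + string.digits
        new_password = "".join(secrets.choice(alphabet) for _ in range(16))
        # Stored in clear here only to keep the demo short; a real site stores a password hash.
        self.users[email]["password"] = new_password
        self.send_mail(email, f"Your new temporary password is: {new_password}")
        return True
```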