Currently, we’re working on a site. I will tell you what site it is. This time, I want to share our ideas about how we are building it. It comes with membership features. You know… registration, login and password reminder. The current site (we are actually redeveloping it) already has the password reminder feature, and it works fine.
BUT, we think that the process can — and should — be improved. Here is the scenario (from the current site) for the password reminder:
- A user fills in the email field with his/her account’s email address.
- The system generates a random password.
- The user can log in with the new password.
It works. But, there are some other situations:
- Other people can see other members’ profiles.
- On the profile page, the email address is revealed (readable).
So, other members can easily bug each other. Of course, only when they want to. The point is: it can be done. If someone enters another member’s email address in the reminder form, he/she can reset that member’s password. “Hey, someone changed my password without my permission. I need to change it again now…”
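
To make the problem concrete, here is an added example (not code from the site) that models the reminder flow described above next to one where the request only mails a one-time token and the password changes when that token is redeemed. The `Accounts` class, its method names, the 15-minute lifetime and the idea that the generated password is mailed to the account address are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """In-memory stand-in for the member table and the mailer (hypothetical)."""
    def __init__(self):
        self.members = {}   # email -> (salt, password hash)
        self.pending = {}   # sha256(token) -> (email, expiry); raw token never stored
        self.outbox = []    # (recipient, secret) pairs the mailer would send

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.members[email] = (salt, _pw_hash(password, salt))

    def login(self, email, password):
        salt, stored = self.members.get(email, (b"", b""))
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def remind_current(self, email):
        # Flow described above: the password is replaced as soon as the form is sent.
        if email in self.members:
            new = secrets.token_urlsafe(9)
            self.set_password(email, new)
            self.outbox.append((email, new))

    def remind_request(self, email, now=None):
        # Confirmed flow: only a one-time token is mailed; the password is untouched.
        if email in self.members:
            token = secrets.token_urlsafe(32)
            expiry = (time.time() if now is None else now) + TOKEN_TTL
            self.pending[hashlib.sha256(token.encode()).hexdigest()] = (email, expiry)
            self.outbox.append((email, token))

    def remind_redeem(self, token, new_password, now=None):
        key = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.pending.pop(key, (None, 0))  # pop makes the token single-use
        if email is None or (time.time() if now is None else now) > expiry:
            return False
        self.set_password(email, new_password)
        return True
```

With `remind_current`, a form submission by anyone who read the address on the profile page invalidates the owner’s password; with `remind_request`, the owner’s password keeps working until the token from the mailbox is redeemed.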