Should reset passwords automatically register users?

Question

Should reset passwords automatically register users?

Many work processes with lost passwords usually result in a page accessible by a temporary link sent to the user. Then this link takes them to a page asking for a new password.

When entering a new password, the user must force a manual login or the password of the reset page automatically authenticates the user, which will reduce the number of steps and, consequently, the complexity of the process for the end user?

I often come across passwords to reset pages that make me reset my password, and then a login that feels like I have logged in twice without a good reason.

+3

security passwords password-protection usability

Kev Sep 11 '10 at 11:29

source share

3 answers

I really like the drupal method: an email is sent to the user with a link in it, which will register them once; upon entering the system, they are given the opportunity to change their password.

+4

Jords Sep 11 '10 at 11:31

source share

You must do this automatically. I don’t understand why you should log in.

If this is related to bot protection, just add captcha when the user logs in using the link.

+1

lesderid Sep 11 '10 at 11:34

source share

Steven sudit · Accepted Answer · 2010-09-11T11:31:06+0000

I do not know of any significant advantages for forcing the user to re-enter the password that they just entered twice. If someone does this, I will be interested to know about it.

Should reset passwords automatically register users?

More articles: