Forgot Password - Do you read their mind?

Last updated by Brook Jeynes [SSW] 4 months ago.

This rule has been archived
Archived Reason: Re-entering the email after an incorrect login attempt and when proceeding to the "Forgot Password" screen is a good security practice in the password reset process. It helps ensure the customer's information remains secure.

Unfortunately, here is the normal routine for getting an email with your password.

  1. You go to a Login form, enter your email and password, and click the 'Login' button.
  2. You get a validation message like 'Incorrect Password'.
  3. Then you have to click a 'Forgot Password' link to go to another 'Get Password' form, where they almost always ask you to enter your email again and then click the 'Get Password' button.

Question: Why do 99% of the websites out there ask you to:

  - Enter your email again (they have already got it)
  - Then click 'Get Password' (you have already clicked the 'Forgot Password' link)

Answer: Because they are not trying to read your mind.

The goal should be: be more efficient and user-friendly, and save users a step. Please DO NOT bother users with any more redundant work.

Instead, enter their email for them when they click the 'Forgot Password' link.
