Password reset process can be confusing
|Reported by:||RanYanivHartstein||Owned by:|
The password reset process can be a bit confusing for users that aren't used to reading on screen instructions. This happens in all recent versions of WordPress, and can be reproduced by trying to reset a password.
When users go to the lost password page, there is only one field for email address and one Submit button, so this is fine.
Then they get the first email with the confirmation, and this is where it gets confusing. The link opens a page that shows a notice and a log in form - but doesn't actually show the user their password. Users need to read the instructions and only then they know that they should check *again* to find their new password.
However, most users won't read these instructions, for several reasons.
For one, resetting the password on a WordPress blog is more complicated then users are used to from other sites, so they may simply get frustrated when they realize they still don't have their password. If they don't check their email again soon, they may never notice the second message again.
Also, the confirmation link leads to a log in form. In retrospect, this makes sense. The users has the log in form already open, and now all they need to do is go back to their email, find the new password, and use it in the log in form. However, this only makes sense *in retrospect*.
If the user doesn't already know how the password reset process works, they can either get sidetracked by the log in form and ignore the instructions all together (users often skip reading instructions when there are simple actions to perform, like filling a log in form or clicking a button), or get confused and click on Forgot Password again, creating an endless loop.
There are a few things we can do to make this less confusing.
The reset process can be less confusing. For e.g., the confirmation link can lead to a page where the new password is already displayed, or a form for choosing a new password, instead of sending a new password by email.
The confirmation link can lead to a page without any forms or button. If the confirmation links will just lead to a page that said "Check your email again, your password's there", it might be less confusing. The actual link to the log in page can be included in the final email.