I may be misunderstanding the situation, but it appears to me that when customers submit a request for a forgot password email it gives them a success message regardless of if the provided email exists in the system as either a login or eaddress. I looked through the documentation and there is no mention of "error messaging", just the message for when the submission goes through. It doesn't happen often but every once in a while we get customers who complain that they're not getting their password reset emails, but it's simply because the eaddress isn't associated to a login, but TNEW does not give them any indication of this issue. We primarily do not create logins when adding eaddresses to new records for regular phone/window sales. We did do that once, but it just caused more issues since people weren't aware of that fact and got frustrated when it would not let them register a new account, so we figured it's easier to just merge accounts later.
Does anyone experience this issue often? I was thinking perhaps we could update the success message to explain this, but I can't think of a way to word it that wouldn't be too confusing to the customer?
Functioning as intended. If the form gives positive or negative confirmation on whether an email address is in the system, then it can be used to discover accounts by a bot. I think there is actually a PCI rule about it. It is a nuisance for customers.
We did spend a while massaging our messaging. I'd check around on other people's sites to see what they've come up with.
[double checks]
Looks like that messaging was lost at some point and we just have the default. So yeah, check other sites.
Aha, I had a feeling there was a good reason behind it. Thankfully it doesn't happen often. I do see there is a phrase "if your account is located". Perhaps we just need to add a message about who to contact if the email does not come through.
Indeed, functioning as intended. When this finally clicked for me, I reworked our phrasing. Feel free to borrow if you like it: https://tickets.newvictory.org/account/login
Thanks Jamie, this is a great example. Do you know if your success message has anything special, like an invitation to reach out if they don't receive the email, or something similar?
2 thoughts:
I think that I've come across an "if your email is associated with a login we will send you a reset email" before. (I was trying to access my old myspace account over the weekend so maybe there). You can edit the default message in Component editor I believe https://www.tessituranetwork.com/TNEW_7/TNEW.htm#Topics/Admin/Editor/Component_Editor.htm#ForgotPass
Also you could create temp logins for customer accounts where the primary email is not associated with a login to mitigate some of the instances.
From my Admin portal:
If we find a match to the address submitted, you will immediately receive an email with a link and instructions to reset your password. For further assistance, please contact Ticket Services.
To see it in action, try the actual process. I have enough trouble typing my password correctly without doing a reset!
Here is what we use:
Neil
MN Zoo