Continuing from my last post on “Good practices for username” design, this post explains and questions the weird design of the WordPress “forgot-password” flow.
The process to obtain a new password in WORDPRESS, if you’ve forgotten yours, is as follows:
1) Click the FORGOT_PASSWORD link.
2) Enter USER_NAME or EMAIL_ADDRESS.
3) You will be sent a mail from WORDPRESS. Clicking on the link in that mail sends you a second mail, which contains the new password that WORDPRESS generates automatically.
4) You have to log in with that new password and then change it to the one that you desire.
Usually, other websites send you a link; clicking on it takes you to the PASSWORD_EDIT page.
But the flow WORDPRESS follows makes the user log in with the automated password once and then change to his custom password, rather than letting him do it directly.
WHY WORDPRESS INSISTS THAT THE USER LOG IN WITH THE AUTOMATED PASSWORD AND THEN CHANGE TO A CUSTOM ONE is the question.
All I see in this is to double-check that the authorized user is accessing it. As far as I see this, it’s a bit of a roundabout flow in place of the simple flow that users are already used to. This does not make much of a difference. But I feel features like REGISTER and FORGOT_PASSWORD are better left in their usual flow.
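The usual link-based flow mentioned above, as an added example (not WordPress code and not from the original post): the mailed link carries a single-use, expiring token that leads straight to the PASSWORD_EDIT step. The in-memory stores, function names, sample account and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime in seconds
users = {"alice": {"password": "old-hash"}}  # constructed sample account
pending = {}  # username -> (sha256 of token, expiry time)


def _digest(token):
    # Store only a hash, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def hash_password(password):
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + dk.hex()


def request_reset(username, now=None):
    """Return the token that would be mailed inside the link, or None."""
    now = time.time() if now is None else now
    if username not in users:
        return None  # the page shown to the visitor should not differ
    token = secrets.token_urlsafe(32)
    pending[username] = (_digest(token), now + TOKEN_TTL)
    return token


def complete_reset(username, token, new_password, now=None):
    """PASSWORD_EDIT step: the link holder sets the password directly."""
    now = time.time() if now is None else now
    entry = pending.get(username)
    if entry is None:
        return False
    stored, expiry = entry
    if now > expiry:
        del pending[username]  # expired links are discarded
        return False
    if not hmac.compare_digest(stored, _digest(token)):
        return False
    del pending[username]  # single use: the same link cannot be replayed
    users[username]["password"] = hash_password(new_password)
    return True
```

In this flow no password ever travels by mail; the only secret in the message is the token, which stops working after one use or after the lifetime expires.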
I am open to comments and discussion.