In Forgot Password sent message, make “username or email address” specific


(Rory O’Kane) #1

If I click “I forgot my password” when signing in, then fill in an email address and click Reset Password, the following message (en.js.forgot_password.complete) is shown:

If an account matches that username or email address, you should receive an email with instructions on how to reset your password shortly.

There’s nothing wrong with this message, but it would help reduce cognitive load to replace “username or email address” with whichever one the user actually entered. It’s like replacing “5 user(s)” with “5 users”. It’s a low-priority change, but it would still be nice to do.

The software will always be able to distinguish whether the user typed a username or an email address, by the fact that email addresses always have an ‘@’ and usernames never do.


(Lee Dohm) #2

Except if the “user” isn’t logged in, then how does the system know whether the person typing at the keyboard is even an actual user of the system and not just a malicious person trying to gain entry? Are you suggesting that the message change based on what the person at the keyboard types into the box after they type into the box?


(Jens Maier) #3

I think what royokane means is that if you first type an email-address into the login form and then click the “I forgot my password” button, it should re-use the email-address. This can happen entirely locally without interaction with the server, so no session is required.


(Jeff Atwood) #4

Right so instead of

If an account matches that username or email address, you should receive an email with instructions on how to reset your password shortly.

it could be

If an account matches username, you should receive an email with instructions on how to reset your password shortly.

or

If an account matches name@example.com, you should receive an email with instructions on how to reset your password shortly.


(Rory O’Kane) #5

Those messages would work too. I was actually thinking of this pair of messages:

If an account matches that username, you should receive an email with instructions on how to reset your password shortly.

or

If an account matches that email address, you should receive an email with instructions on how to reset your password shortly.

I like that your solution confirms what the user typed by repeating it in the message. But I like that in mine the messages say whether what the user typed was interpreted as a username or an email address – that would give the user more confidence that Discourse correctly interpreted what they typed, and will have found it in its database if it exists. Let’s combine those features:

If an account matches the username joesmith, you should receive an email with instructions on how to reset your password shortly.

or

If an account matches the email address jsmith@example.com, you should receive an email with instructions on how to reset your password shortly.

How’s that?


(Jeff Atwood) #6

For now @neil can you make the change I described above?


(Kevin P. Fleming) #7

Tiny addition: the first part of the phrase is purposely vague, saying “an account”. It then switches to a more assertive style, saying “you should receive”. This assumes that the person who is reading the message is the person who will receive the email and who owns the account/password, which is logical.

Changing to “If your account matches…” would make it consistent.


(Neil Lalonde) #8

I made the changes. The two messages are:

If an account matches the username %{username}, you should receive an email with instructions on how to reset your password shortly.

and

If an account matches %{email}, you should receive an email with instructions on how to reset your password shortly.


(Jeff Atwood) #9