Password reset looks at inactive accounts

  • 1
  • Idea
  • Updated 5 years ago
  • Under Consideration

A user left the company and then returned a year later. Rather than reactivate her existing account, we created a new user ID with the same email address as the old one. When the user tried to log in remotely and used the "forgot password" link to reset her password, the system reset the inactive account rather than the active account. As a result, the user was not able to log in because the account was inactive. To mitigate, I have changed the email address in the inactive account. However, the system should be modified so password reset requests only look at active accounts not inactive accounts.

Photo of Lang, Deborah

Lang, Deborah

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Raghu K

Raghu K, Community Moderator

  • 163 Posts
  • 9 Reply Likes
Hello Lang, 

Thanks for posting your Product idea here. 

Currently we are in the process of enhancing our Password reset flow, we shall consider this situation during its implementation. 

Meanwhile, to understand this situation better. Was there any specific reason that you created a new profile, instead of re-enabling the old one. 

Raghu K