Enhancement Request - User Password Reset Process Is Not Ideal (Doc ID 2222013.1)

Last updated on MARCH 19, 2024

Applies to:

Goal

In order to be compliant with security best practices and to offer a better user experience the following enhancement regarding customer password reset is requested:

1) User requests a password reset by submitting their username (email) to the application.
2) A password reset token is created and saved to database. Token is set to expire after 72 hours.
3) Email is dispatched with a link containing the token embedded.
4) Token is evaluated.

    a. If token is valid: User is prompted for a new password and a field to confirm password.
    b. If Passwords match and meet password requirements: Set user's password and delete token from database.
    c. If Passwords don't match or do not meet password requirements: Prompt to reenter password with error message with details about why the password wasn't valid.
    d. If token is not valid: User is presented an error message and given the option to provide a username to start the user password reset (step 1)
 

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.