Enhancement Request - User Password Reset Process Is Not Ideal (Doc ID 2222013.1)

Last updated on JANUARY 10, 2017

Applies to:

Oracle Commerce Cloud Service - Version N/A and later
Information in this document applies to any platform.

Goal

To comply with security best practices and to offer a better user experience, the following enhancement to the customer password reset process is requested:

1) The user requests a password reset by submitting their username (email) to the application.
2) A password reset token is created and saved to the database. The token is set to expire after 72 hours.
3) An email is dispatched with a link that has the token embedded.
4) The token is evaluated.

    a. If the token is valid: The user is prompted for a new password, with a second field to confirm the password.
    b. If the passwords match and meet the password requirements: Set the user's password and delete the token from the database.
    c. If the passwords don't match or do not meet the password requirements: Prompt the user to re-enter the password, with an error message explaining why the password wasn't valid.
    d. If the token is not valid: The user is presented with an error message and given the option to provide a username to start the user password reset (step 1).
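
The requested flow, steps 1 to 4d, as an added Python sketch; it is not Oracle Commerce Cloud code and not part of the original document. Assumptions: in-memory dicts stand in for the database tables, the 12-character minimum stands in for the unspecified password requirements, and storing only a SHA-256 digest of the token and a PBKDF2 hash of the password are choices of this example, not something the request specifies.

```python
import hashlib
import secrets
from datetime import timedelta

TOKEN_TTL = timedelta(hours=72)  # expiry stated in step 2
MIN_LENGTH = 12                  # assumed password requirement, not from the document
tokens = {}  # stand-in for the token table: sha256(token) -> (username, expires_at)
users = {}   # stand-in for the user table: username -> (salt, password hash)


def digest(token):
    """Only the digest is stored, so a leaked token table cannot be replayed as links."""
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(username, now):
    """Steps 1-3: create the token, save it with its expiry, return it for the emailed link."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    tokens[digest(token)] = (username, now + TOKEN_TTL)
    return token


def token_is_valid(token, now):
    """Step 4: the token must be on record and must not have expired."""
    record = tokens.get(digest(token))
    return record is not None and now < record[1]


def complete_reset(token, new_password, confirm_password, now):
    """Steps 4a-4d: returns (ok, message shown to the user)."""
    if not token_is_valid(token, now):
        tokens.pop(digest(token), None)  # purge an expired row if one exists
        return False, "Link is invalid or expired; enter your username to start again."  # 4d
    if new_password != confirm_password:
        return False, "The two passwords do not match."  # 4c, token stays usable
    if len(new_password) < MIN_LENGTH:
        return False, f"Password must be at least {MIN_LENGTH} characters."  # 4c
    username, _ = tokens.pop(digest(token))  # 4b: deleting the token makes it single use
    salt = secrets.token_bytes(16)
    users[username] = (salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000))
    return True, "Password updated."
```
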
 

Solution
