Enhancement Request - User Password Reset Process Is Not Ideal
(Doc ID 2222013.1)
Last updated on JULY 03, 2018
Applies to: Oracle Commerce Cloud Service - Version N/A and later
Information in this document applies to any platform.
To comply with security best practices and to offer a better user experience, the following enhancement to the customer password reset process is requested:
1) User requests a password reset by submitting their username (email) to the application.
2) A password reset token is created and saved to the database. The token is set to expire after 72 hours.
3) An email is dispatched with a link that has the token embedded.
4) Token is evaluated.
   a. If the token is valid: User is prompted for a new password, with a second field to confirm the password.
   b. If the passwords match and meet the password requirements: Set the user's password and delete the token from the database.
   c. If the passwords don't match or do not meet the password requirements: Prompt the user to re-enter the password, with an error message detailing why the password wasn't valid.
   d. If the token is not valid: User is presented with an error message and given the option to provide a username to start the password reset again (step 1).
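The requested flow, as an added Python sketch (not Oracle's code and not part of the original request). Assumptions of this example: in-memory dicts stand in for the database, the 12-character minimum stands in for the unspecified password requirements, the token is stored only as a SHA-256 digest, and passwords are stored with PBKDF2.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 72 * 3600   # step 2: token expires after 72 hours
MIN_PASSWORD_LENGTH = 12        # assumed policy; the page does not define the requirements

tokens = {}     # stands in for the token table: sha256(token) -> (username, expires_at)
passwords = {}  # stands in for the user table: username -> (salt, PBKDF2 hash)


def _digest(token):
    # Example's choice: keep only a hash so a leaked token table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(username, now=None):
    """Steps 1-3: create a token, save it with its expiry, return it for the email link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, URL-safe random value
    tokens[_digest(token)] = (username, now + TOKEN_TTL_SECONDS)
    return token


def token_owner(token, now=None):
    """Step 4: return the username for a valid token, or None if unknown or expired."""
    now = time.time() if now is None else now
    record = tokens.get(_digest(token))
    if record is None or now >= record[1]:
        tokens.pop(_digest(token), None)  # purge an expired token
        return None
    return record[0]


def complete_reset(token, new_password, confirm_password, now=None):
    """Steps 4a-4d: returns (ok, message); the token is deleted only on success."""
    username = token_owner(token, now)
    if username is None:
        return False, "invalid or expired link; request a new reset"          # 4d
    if new_password != confirm_password:
        return False, "passwords do not match"                                # 4c
    if len(new_password) < MIN_PASSWORD_LENGTH:
        return False, f"password must be at least {MIN_PASSWORD_LENGTH} characters"  # 4c
    salt = secrets.token_bytes(16)
    passwords[username] = (salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000))
    del tokens[_digest(token)]  # 4b: the token is single use
    return True, "password updated"
```

A failed attempt under 4c leaves the token in place so the user can retry from the same link, while a successful reset or an expired token removes it.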