Password recovery with email only

mfn · December 25, 2016, 9:28am

Now it is not possible to recover password if you foget login, but remember email (login<>email).

I think the feature is good. May be as option.

(PS v9.1.2, sorry for my english))

ocmdi · February 8, 2017, 3:03am

I was just about to open a feature request for this too.

An important use case is the initial login. If you’re moving forward with email based login, it’s likely that your first email to the end user when the account is created will say something like:

“You now have an account, go ahead and log in with your email address and do a password recovery”

… but you can’t say that. You need to say:

“You now have an account, and here is your userid. You don’t really need it, but unfortunately you’ll need to use it to do your password recovery, but once you’ve done that you can just log in with your email address. But, if you ever need to do a password recovery again you’ll need to use your login id”

Yes… I’m being a bit silly, but I think it’s clear that using the email address for both logging in and password recovery is ideal. Mixing both is not so nice.

Thanks.

ownCloud v9.1.3 (stable)

anon81984126 · February 8, 2017, 6:39am

As feature requests are very rarely commented / picked up in here its always recommended to post them at the github tracker:

ocmdi · February 8, 2017, 1:07pm

Ok, thanks again for the guidance.

I just created an Issue on GitHub here.

github.com/owncloud/core

Allow the use of email address for password recovery

opened 01:05PM - 08 Feb 17 UTC

closed 11:22AM - 27 Feb 17 UTC

mdigit5

enhancement junior job status/STALE

### Steps to reproduce 1. Create a new account and assign an email address 2. …Go to the login form and use the email address to initiate a password recovery (enter a wrong password and click "Wrong password. Reset it?" link ### Expected behaviour If the correct email address is specified the password reset should be accepted. ### Actual behaviour The login UI complains that the username is invalid (i.e. it expects a username, not an email address) ### Why email address should be permitted for password reset/recovery An important use case is the initial login. If you're moving forward with email based login for user convenience, it's likely that the first automatic email to the end user when the account is created will say something like: "You now have an account, go ahead and log in with your email address and do a password recovery" This is an easy way to get around the initial password issue. The problem is that you can't say that. It gets more complicated. You would need to say something like: "You now have an account. Here is your username. You don't really need the username because you can log in with your email address, but you'll need to use it to do your password recovery, but once you've done that you can just log in with your email address. But, if you ever need to do a password recovery again you'll need to use your username again, so don't forget it." Yes, I'm being a bit silly with that last paragraph. The point is that if logging in with email address is supported, resetting/recovering your password with email address should also be supported. I'm not sure if this is bug, or just a feature that was never implemented. ### Server configuration **Operating system**: Ubuntu 14.04.5 LTS **Web server:** Apache 2.4.25 **Database:** MySQL **PHP version:** 5.6.29 **ownCloud version:** 9.1.3 (stable) **Updated from an older ownCloud or fresh install:** No