I was trying today to buy a thing or two from Carter’s and I realized I had forgotten my password. I tried to reset my password but, oh, was I wrong…
Look at the following reset password page and let me tell you what’s wrong with it:
- First, you need to know which of the five questions you answered when you registered.
- Yes, I know my mom’s maiden name, the make of my car and the rest of the answers.
- But I was never able to reset my password because it never accepted any of my answers.
So, the problem here is that the devs at Carter’s think “oh, what a great idea! Let’s be really really sure that only the user can reset his password”. But they did such a good job that not even the user can reset his password.
If they were really smart, they would do the following:
- Allow the user to enter an email address.
- Send an email to the user with a link, letting him/her know that somebody requested a password reset.
- And then, if the user wants to, he or she can reset the password.
Simple… yet some people, in this case devs like me, don’t really use common sense when creating a piece of functionality.
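The three steps above, sketched as an added example (not code from this post or from Carter’s). It goes slightly beyond the steps by making the link expire, work only once, and by giving the same answer for unknown addresses. `ResetService`, `hash_password`, the `shop.example` URL and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post does not give one

def hash_password(password):
    # Salted PBKDF2 so the sketch never keeps a plaintext password.
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ResetService:
    """In-memory sketch of an e-mail based password reset (hypothetical names)."""

    def __init__(self, users, send_email, now=time.time):
        self.users = users            # email -> stored password hash
        self.send_email = send_email  # callable(to_address, body)
        self.now = now                # injectable clock, so expiry can be tested
        self.pending = {}             # sha256(token) -> (email, expiry time)

    def request_reset(self, email):
        # Step 1 and 2: take an address, mail a link. The reply is identical
        # for unknown addresses, so the form does not reveal who has an account.
        if email in self.users:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            # Only the hash is kept: a leaked table does not yield working links.
            self.pending[digest] = (email, self.now() + TOKEN_TTL_SECONDS)
            self.send_email(email,
                "Somebody requested a password reset for this account. "
                "If it was you, follow this link: "
                f"https://shop.example/reset?token={token}")
        return "If that address has an account, a reset link is on its way."

    def complete_reset(self, token, new_password):
        # Step 3: the user chooses to follow the link and sets a new password.
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the link single-use
        if entry is None or self.now() > entry[1]:
            return False
        self.users[entry[0]] = hash_password(new_password)
        return True
```

If the mail is ignored, nothing changes: the old password keeps working and the link simply expires.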