Password Expiry End User ExperiencePlanned
On our support instance we have the password level set to High for end-users. This requires them to reset their passwords every 90 days. However, the user experience is kind of misleading when the password expires. End-users get two emails when this happens:
- Password Reset - This is kind of expected. However, the wording within makes it seem like their account was compromised - "This email was sent to you because someone requested a password reset on your account." This can be a bit jarring for end-users.
- Password Changed - This one is even more unexpected. The email contains:
"We wanted to let you know that your user profile has been updated by the administrator.
Your password was changed.
You can sign in at: <Instance URL>
If you think this password update is a mistake, reset your password immediately. If you still need help, please contact our Customer Support team."
Again this seems like their account has been compromised. And why is the administrator resetting their password?? I assume behind the scenes the admin password reset functionality is being used to facilitate the expiry. But I don't think there needs to be a specific email sent to the user in this case.
So with all that in mind, why are there 2 emails being sent out that don't really explain what's going on to the end-user? Really there should just be one email explaining "Your password has expired, please create a new one". If this can't be changed it would be nice to be able to modify the messages being sent to the end-users, like we can with other notifications.
Hi Ryan, Lisa and Jordan
Thanks for bringing this, I wanted to acknowledge that it's a fair request and we have prioritized to fix this. I will be able to provide more information such as timelines soon.
We are opening a ticket for this, but want to comment and +1 as well, as we are highly concerned as this is making our end users think their accounts have been compromised when they have not been.
Following as we have updated our password security level from low to high last night, we did not expect this to have an impact on anyone until the initial 90days but a user received the 'User profile updated: password changed' email which is very misleading!
Please sign in to leave a comment.