Announcement

Collapse
No announcement yet.

Help with Password Recovery

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Help with Password Recovery

    Hi,

    We are having an issue where a customer tries to recover a lost password, but they aren't getting the lost password email from us. What I think is happening is they are inputting the wrong email address. BUT, they are still getting the message "Instructions to reset your password have been sent to the email address on file with your account. Please contact us if you require further assistance". So no matter what email address is entered, it gives that message (whether it sends them the lost password email or not). Is there any way to have Miva check to see if the email address is associated with an account, and if not, tell them that? The way it is now is confusing, because in some instances they are NOT getting the lost password email even though it says it's been sent.

    I have attached a screenshot showing what I'm talking about.

    Thanks,
    Eric

    lostpassword.jpg

    #2
    Re: Help with Password Recovery

    Eric,

    Apparently, that message is in part, required by PCI compliance since the brainacs behind PCI believe someone is going to keep testing the email, find a match, then somehow intercept....whatever...in other words, by design.

    Since you have Easy Contact, you might consider adding text to the "Sent instructions" message to include "Having problem, Use our Contact prompt at bottom right...or something like that. (We might consider trying to trap the Account Name in Easy Contact data so you can look it up for them.
    Bruce Golub
    Phosphor Media - "Your Success is our Business"

    Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
    phosphormedia.com

    Comment


      #3
      Re: Help with Password Recovery

      Bruce is correct, that's a Security Feature designed to prevent account snooping. Welcome to the new world order
      Thanks,

      Rick Wilson
      CEO
      Miva, Inc.
      [email protected]
      https://www.miva.com

      Comment


        #4
        Re: Help with Password Recovery

        Easy on the levity.

        I have an "app" that will do what they're wanting prevented at a max rate of 12,000+ per hour. It can even be tuned to check for only one pattern (like @gmail.com, say).

        Once it knows a good Email address it can "dictionary" the password at whatever rate the server allows.

        And it was really good at it -- years ago. Almost useless today for ecommerce, but still can mess up applications that deliver the "Sorry, but that Email address isn't in our records" failure notice.

        So, what they've demanded works.

        BTW -- It wasn't used for nefarious purposes. We built a Web app for GM when they were trying to sell off-lease (from car rental companies) cars directly to the public and it was used to test security.

        Like in 1998, eons ago in Web years and technologies.

        Comment


          #5
          Re: Help with Password Recovery

          Originally posted by Bruce - PhosphorMedia View Post
          Since you have Easy Contact, you might consider adding text to the "Sent instructions" message to include "Having problem, Use our Contact prompt at bottom right...or something like that. (We might consider trying to trap the Account Name in Easy Contact data so you can look it up for them.
          Bruce (and/or Rick), can this message be changed? I cannot find it anywhere. How do we change it? I'm guess that this might be one of those messages that can't be changed (like the credit card declined messages, etc).

          Thanks,
          Eric

          Comment


            #6
            Re: Help with Password Recovery

            In the admin enter "messages" in search, look for "Instructions to reset your password have been sent to the email address on file with your account. Please contact us if you require further assistance." ... oh wait, you are still on M5.5 so, no you can't directly change it. You could append to the existing message with:

            <mvt:foreach iterator="message" array="messages:information_messages">
            &mvt:message;
            <mvt:if expr="'Instructions to reset' IN l.settings:message">
            <p>Additional Text here</p>
            </mvt:if>
            </mvt:foreach>
            Bruce Golub
            Phosphor Media - "Your Success is our Business"

            Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
            phosphormedia.com

            Comment


              #7
              Re: Help with Password Recovery

              Originally posted by Bruce - PhosphorMedia View Post
              In the admin enter "messages" in search, look for "Instructions to reset your password have been sent to the email address on file with your account. Please contact us if you require further assistance." ... oh wait, you are still on M5.5 so, no you can't directly change it. You could append to the existing message with:

              <mvt:foreach iterator="message" array="messages:information_messages">
              &mvt:message;
              <mvt:if expr="'Instructions to reset' IN l.settings:message">
              <p>Additional Text here</p>
              </mvt:if>
              </mvt:foreach>
              Bruce, where specifically do I enter this new code? In the Messages tab all I have is "Storefront Welcome" and "Invoice Thank You" (5.5, as you said).

              Thanks,
              Eric

              Comment


                #8
                Re: Help with Password Recovery

                I think this is in the login screen...don't have a 5.5. site open at the moment, they are all M9's <g>
                Bruce Golub
                Phosphor Media - "Your Success is our Business"

                Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                phosphormedia.com

                Comment


                  #9
                  Re: Help with Password Recovery

                  Are your customers making the request from the FPWD screen?

                  Comment


                    #10
                    Re: Help with Password Recovery

                    Originally posted by nottheusual1 View Post
                    Are your customers making the request from the FPWD screen?
                    The request can be made from the FPWD screen or the LOGN screen. On either page, the customer is SENT BACK to the LOGN screen and the message is displayed there. I tried entering Bruce's code on the LOGN screen but nothing additional was displayed.

                    Thanks,
                    Eric

                    Comment

                    Working...
                    X