Thank you.
"In behind, the system is doing what it's supposed to do"..
I get the security aspect. Don't like it. But I suppose we do have to play it closer to the chest now days...
I just know customer's (who either forgot what they registered with, or just entered it in badly) will tell us they could not get passwords sent to them because our system is not working. (when it actually is) . "BUT, YOUR systems says it has sent me a new password!? Now you say it may have not? What do you mean...?"
Validating the email address formatting on the client side I think is a must.
In the meantime, i'm going to edit the success message so to read something along the lines, like "If our system has recognised your email address, a new password will be sent to you immediately. Need assistance? Contact us .....".
This would improve the general customer experience.
But, I suppose in the bigger scheme of things it is a "low-severity kind of issue".
I'll have to add this to the to-do list.


. 
Reply With Quote
