| 89 | === Lost password procedure === |
| 90 | Starting with acct_mgr-0.3, a user-triggered password reset is less intrusive: it does ''not alter the current password before a successful login'' with the new one. After resetting your password you actually have two passwords until the next valid login: |
| 91 | * Logging in with the new one from !ResetPwStore silently and permanently overwrites the old password with the new one. |
| 92 | * Logging in with the old one just cancels the latest lost/new password request. |
| 93 | In other words: the temporary password is stored in !ResetPwStore, a special !SessionStore (sharing its configuration with any other !SessionStore), and is checked only as a fallback if regular authentication has failed. On successful authentication with the old password, any temporary password is deleted to prevent abuse of the 'lost password' procedure by others. |
| 94 | |
| 95 | [[Image(AccountManagerPlugin:reset-password.png)]] |
| 96 | |
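The check order described above, modelled as an added example that is not acct_mgr's own code. `PasswordStore`, `request_reset` and `login` are hypothetical names, and the in-memory PBKDF2 store is an assumption standing in for the real password store and !ResetPwStore.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordStore:
    """In-memory stand-in for a password store (hypothetical, not acct_mgr's API)."""

    def __init__(self):
        self._entries = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._entries[user] = (salt, _hash(password, salt))

    def check_password(self, user, password):
        entry = self._entries.get(user)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, _hash(password, salt))

    def delete(self, user):
        self._entries.pop(user, None)

    def has_user(self, user):
        return user in self._entries


def request_reset(reset_store, user, temp_password):
    """Store the temporary password; the regular password is left untouched."""
    reset_store.set_password(user, temp_password)


def login(main_store, reset_store, user, password):
    """Return True on successful authentication, following the described order."""
    if main_store.check_password(user, password):
        # Old password still works: drop any pending reset request.
        reset_store.delete(user)
        return True
    if reset_store.check_password(user, password):
        # Fallback matched: the temporary password becomes the regular one.
        main_store.set_password(user, password)
        reset_store.delete(user)
        return True
    return False
```

A failed login leaves the pending temporary password in place, so only a successful login with the old password cancels a reset request.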