Why Do I Have to Reset My Password Every Time I Sign In?

Bulldog17

Distinguished
Sep 27, 2005
121
1
18,695
Every time I sign in to Tom's Hardware Forum my password is not recognized and I have to re-set it. Why?

It's crazy that every time I sign in I have to hit the 'forgotten password' link, wait for the email, type in my old password, select a 'new' password which is identical to my old password, and then I can post or reply.

Cookies allowed, no ad blocking, no script blocking.
 
Solution
Wow, thanks for the detailed breakdown! I've only been around for about a half a year and have not yet had to reset my password, but I'll look into this tomorrow (the work day is almost over, hooray!). I'm sorry you had such an annoying experience doing that, but rest assured that everybody here, from the mods to the dev team, is dedicated to making sure that the user experience is pleasant—even if it doesn't always seem that way!

I'll dig into the whole process tomorrow and pass on any feedback/needed adjustments to the team. Thanks again for all the details, and I'm glad you got it sorted out for now!

Titillating

Expert
Ambassador
Are you running any other plugins/extensions? Off the top of my head, this sounds similar to an issue we have when it comes to password managers. We employ various methods to help us cut down on spam and one of those methods just happens to run into conflicts with password managers (LastPass, for example).
 

Bulldog17

Distinguished
Sep 27, 2005
121
1
18,695
I disabled LastPass, Ghostery and AdBlock, cleared my browser cache, closed and then re-opened my browser - Chrome. My password still was not accepted.

I tried to sign in with Internal Explorer, which is totally stock - intentionally - and has no add-ins at all. My password still wasn't accepted.

P.S. I had to create a password to reply to this thread.
 

Titillating

Expert
Ambassador
Hm. That's curious. Before I escalate this to the devs, there's a one other thing I'd like to ask you to try. You mentioned that you have been using the same password when setting a "new" one; could you try a different password, if you haven't done that already? Doubt that that's the reason, but it's good to eliminate the obvious.


As an aside, since you have trouble logging in, if you'd like to continue this discussion via email, I can be reached at kng@purch.com.
 

Bulldog17

Distinguished
Sep 27, 2005
121
1
18,695
There are multiple problems here.

One:
The Forums' sign-in web page puts a green check mark at the end of the "Username" and "password" boxes after I enter my credentials. But as soon as I click on the "Sign in" button, both boxes turn pink and I get the message "The username and/or password is invalid." If one or both of my credentials is not valid, why do I get the green check mark?

Two:
When I click on the 'forgotten password' link I receive an email that reads:

"Hello Bulldog17, We've received a request to have the password for your account at Tom's Hardware reset. If you would like to reset your password, please click on the following link..." The link leads to the part of my user profile where I am asked to enter my current password and choose a new password. If I knew my current password, I wouldn't need to use the 'forgotten password' link in the first place.

Three:
I discovered that I am only seeing half of the password reset email. The other half reads: "You'll then receive a new password via email that you'll be able to change later on in your profile." I was not seeing this part of the email because, for some reason, Gmail interprets it as a signature and therefore hides it. Only when I thought to expand the signature space did I see this second half of the email.

Four:
In the first half of the email I am asked to click on a link that leads to the part of my user profile where I choose a new password. Why am I being asked to choose a new password if I'm going to receive a new password via email?

Five:
After I follow the link in the first half of the email and create a new password, no new password arrives via email.

Here's what finally worked for me:
I clicked on the link in the first half of the email and did nothing - didn't enter my current password, didn't create a new password - I just clicked on the 'save changes' button. Several minutes later I got an email which included a new password. The email was addressed to my username. I went to the main page of the Forums and signed in with my username and the password I received in the email. This time I was able to sign in.

Suggestion:
If Tom's Forums need to verify my identity by sending a message to my account email address, that's fine. But don't include a link to the part of my profile where I change my password! Instead, let the link go to a web page that says "Thank you for verifying your identity. You will shortly receive a new password via email"
 

Titillating

Expert
Ambassador
Wow, thanks for the detailed breakdown! I've only been around for about a half a year and have not yet had to reset my password, but I'll look into this tomorrow (the work day is almost over, hooray!). I'm sorry you had such an annoying experience doing that, but rest assured that everybody here, from the mods to the dev team, is dedicated to making sure that the user experience is pleasant—even if it doesn't always seem that way!

I'll dig into the whole process tomorrow and pass on any feedback/needed adjustments to the team. Thanks again for all the details, and I'm glad you got it sorted out for now!
 
Solution

Titillating

Expert
Ambassador
So, I went through the whole password reset process myself just now, and I think I can address all of your points without having to corral a dev.

One:
That green check doesn't check whether your credentials are valid. It's only there signify that the field has been completed in a way that is acceptable. The things it checks, as far as I'm aware are: A) The username field has at least one (1) character in it, and B) The password field has a minimum of 4 characters, which is the required length of passwords.

Two/three:
These two problems are tied together. Tested a few times on a Gmail account and mine had no issues displaying the full email. The second half was not recognized as a signature. This leads me to think it's part of your personal Gmail settings (mine were left at the defaults). Tested on various other email clients, including on mobile devices, and none of them ran into this problem.

The email does not ask you to change the password yourself. After clicking on that link, you should be taken to your profile page, automatically logged in temporarily via a "token" (which you will notice in the link provided in the email), and a yellow notification bar appears near the top of the page saying: "A new password has been generated and sent by email. You can now modify it in your account settings." At this stage, you, the user, were not required to change your password in any way yet.

xqFiBbM.png



Four:
Again, does not ask you to change your password. See above.


Five:
Wasn't part of the process. Email should have been sent without you having to create a new password. After all, that would be redundant since we are sending you a new, randomized password. There's no reason we would ask you to change your password before that.



All in all, I don't know why you ran into so many issues. The root cause seems to have been issues with display settings somewhere that led to subsequent misunderstandings. The password reset system could be better, because everything can always be better, but I don't see that anything needs fixing or tweaking right now.
 

Titillating

Expert
Ambassador
What would you have us change? The password reset system works as intended. I had no issues with it and there are no other reports of anybody else experiencing difficulties with it. Do you even know how many things actually need fixing and implementation right now? What are we supposed to do about a singular, isolated case--one that has since been resolved--that can't be replicated and was possibly caused by personal email display settings?

Please, by all means, tell me what you think we should do. Tell me how to replicate the problem, point me to the problem on our end, and I'd be happy to get it fixed.