Difficult to change password after getting lost-password email
I forgot my password to Askbot yesterday. The lost password feature e-mailed me a link which let me log in again (BTW, the message contains a few spelling mistakes).
I expected it to redirect me to a change password page. Instead, I was logged in but I still didn't know my password. This is not normal behavior for a Web app.
So I had to look for the change password form. It wasn't obvious how to find it. I had to go to my profile page (that one is pretty obvious), then "manage login methods" (not obvious, but not too bad).
Now here's the most confusing part: there is no mention of changing password on the login methods page. I had to figure out that I have to click the Askbot logo (what is "Askbot"? How are my users supposed to know that name??). The text above mentions "re-validating a login method". What does that mean??
- The lost password link should redirect to the login methods page.
- The login methods page should contain a clear "change password" link.
- The login methods page should clearly differentiate between password login and OpenID login. Right now, password login ("Askbot") is listed like it's just another OpenID provider, which is misleading. The page should basically be split into two parts.
- The login methods list shouldn't say "local". That doesn't mean anything to the user. It should say something like "Username/password".
- If the user uses only password login, then the lost password link should redirect immediately to the change password form, as that is the expected behavior for a Web app.
Page redesign suggestion:
You can currently log in to this site in the following ways: Username/password [change password] [remove this method] OpenID (Google) [remove this method] ...other login methods... Add a new way to log in: [Google] [Twitter] [Yahoo] [LinkedIn] || [Username/password login] ...other OpenID icons || (displayed if not already avail.)