Last modified: 2011-07-24 11:41:24 UTC
Step 0. User requests a temporary password e-mailed to him. (wait 6 hours) Step 1. A temporaray password e-mail is received, and read. Step 2. The password is entered. wrong. Captcha pops up. Step 3. The password is entered again. Correct. (Telling W from w is hard in the display font of the e-mail client, e.g.) Captcha challenge is entered. Wrong. (80% was readable, 20% was just guesswork. Non-englisch speakers have an even worse rate, naturally, which is discriminatory, btw. most specifically for those not understanding latin letters well) Step 4. The password is entered again. Correct. New Captcha challenge is entered. Wrong again. Step 5. The password is entered again. Correct. New Captcha challenge is entered. Correct. NOW one finally knows that, the bet for the password was a good one! Step 6. Server says the password was a temporary one, and asks to change it. New Password entered New password entered a 2nd time. Step 7. *BUG* Server says: "Incorrect password entered, please retry login" showing login screen. Capcha pops up. (User is excellently bewildered, and down, starting to believe he now likely needs another "e-mail password to me" cycle, taking several hours ) Temporary password entered. Correct. (Certain! It came from previous copy&paste buffer) Yet another captcha challenge entered. Wrong. Or right? Noone knows. Step 8. Server says: "Incorrect password entered, please retry login" showing login screen. Capcha pops up. Temporary password entered. Correct. (It came from previous copy&paste buffer) Yet another captcha challenge entered. Correct. 100% readable, 250% checked, correct. Step 9. Server says: "Incorrect password entered, please retry login" showing login screen. Capcha pops up. NEW password entered. (just trying) Correct. (luckily!) Yet another captcha challenge entered. Correct. (luckily) Step 10. Server response is a "Login successful" screen. (UNBELIEVABLE! User is reliefed) Forgive me my verbouse portrayal. There are not so few users who do not go all the way. They say "does not work for me", give up and create another account, or go away and do not come back. How do I know? Well, some ring me because they know me, and tell me: "If I did not know you ..." - So I must assume, those who do not know me to behave statistically similar. Once in a while I stumble over a user page saying: "I was fomerly XY, but I lost the password." Suggestions: ----------- 1. the message marked *bug* above must be changed to something like: "New password accepted. Now relogin using the new password, please" - if this step cannot be simply avoided. 2. it would be very helpful to both humans and bots, if captchas could be saved until after a 2nd (or better 3rd) failiure. (You do not log in bots so very often? Still, once in a while you do, and doing it not often makes the process even more prone to errors. I am operating several bots in various wikis, believe me, I collected waiting times already summing up to a week or so, just because of accidentally mistyped passwords or accidentally typing the "usual one" automatically, instead of the bots passwort)
*** This bug has been marked as a duplicate of bug 10861 ***