You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

In order to increase the security, a new reset password procedure allows the end user to change the password without sending a password unencrypted by email. The end user receives a link in order to change his password.

Solution

On-line procedure

1. As in the current solution, the user enters the Ticket Shop, displays the Sign In page, and clicks on FORGOTTEN YOUR PASSWORD? Then, he enters his email address and clicks on button RESET PASSWORD. Request is completed with success message Your request has been registered. You will receive an e-mail including a link that will allow you to reset the password. If you don't receive the email, it means your account has not been created. Please repeat your request.

2. The user receives an email that contains the URL to open the Reset password page, he clicks on the URL

3. The user is prompted to new Ticket Shop page Reset password, with the option to enter and re-enter new password, password should be input followed valid format, otherwise require user to input other one.


If the password is changed correctly, user is logged in the Ticket Shop and is prompted to Account homepage with new message Your password has been changed successfully.


Characteristics of the reset password link

Following measures have been taken to ensure a very high level of security:

  • The link is valid during 48 hours. Once the link is expired, the internet user will have to click again on FORGOTTEN YOUR PASSWORD? in order to get a new link.
  • A link can only be used once
  • The link is protected against forgery by means of a digital signature. In other words, a dishonest internet user has no chance to reset the password of another contact by modifying the link.

Box office procedure

The box office operator can trigger the new reset password procedure from the list of contacts screen (button RESET PASSWORD).


The new reset password procedure can also be triggered from the contact detail screen

Getting started

  • The feature is available automatically.
  • You can customise the email sent to the end customer and containing the reset password link by updating the document template of the document belonging to document class Reset password (menu institution context > initialisation > Document types)




  • No labels

© SecuTix 2023 - Login