Info |
---|
Allows a user to log into LearningBuilder if they forget their password and no longer have access to the email address on file. Currently scheduled for release in 11.0.18, subject to change. Sys Admins can also view configuration instructions. |
Info |
---|
This feature applies to “Person” accounts only; Organization type accounts cannot recover their accounts this way. |
Overview
LearningBuilder allows users who have forgotten their password to recover their account by confirming access to the email address on file. They can request an email containing a link that allows them to reset the password.
...
Note |
---|
Allowing users to bypass the password and email account verification process can potentially reduce site security. Account Recovery is disabled by default and should be implemented with care. |
...
Details
The specific information needed to recover an account is configurable by a Sys Admin.
...
Data field | Notes |
---|---|
Primary email address | |
Social Security Number | |
Driver’s License Number | |
Any extrinsic Short Text, Numeric, Date, or Pick List attribute on a | Common use case is Birth Date, but can also be used to confirm identity using other (presumably private) information tracked on the Member Role. |
User experience
When Account Recovery is enabled, the “Forgot Password” page will display an option to begin the recovery process.
...
The recovery page will prompt the user to input the required information, which again can vary between implementations.
...
Email and password change is required upon successful recovery
If the user input successfully identifies a single Member account, then the user will be prompted to enter a new email address and password.
This is a required step of the recovery process, because use of the Account Recovery feature implies that the email address is no longer accessible, and we want the user to properly secure their recovered account.
After entering the new email address, an email is sent to that address containing an account recovery code, similar to the standard Reset Password flow.
...
After the new password is validated, the primary email account is updated and the user is successfully logged in.
Account Recovery is disabled after 3 failed attempts
To prevent brute-force account recovery attacks, three subsequent failed Account Recovery attempts will disable Account Recovery for that account.
Members in this status will not be able to use the Account Recovery feature. They can continue to log in normally (assuming they know their password) and can use the Reset Password feature if they have access to their primary email; this status only prevents the use of the Recovery feature.
In all other cases, they will need to contact support to have their password reset by an administrator.
...
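The lockout rule described above, modelled as an added example (this is not LearningBuilder's code). It assumes failed attempts are counted against the account matching the submitted primary email and that a successful recovery clears the counter; the class, field names and sample records are hypothetical.

```python
import hmac

MAX_FAILED_ATTEMPTS = 3  # from the page: three failed attempts disable recovery


def _same(expected, supplied):
    # Constant-time comparison so response timing does not leak partial matches.
    return hmac.compare_digest(str(expected).encode(), str(supplied).encode())


class RecoveryGate:
    """Hypothetical model of the lockout rule; not LearningBuilder code."""

    def __init__(self, members, required_fields):
        self.members = members            # {primary_email: {field: value}}
        self.required = required_fields   # fields configured by the Sys Admin
        self.failed = {}                  # primary_email -> failed attempts
        self.disabled = set()             # accounts with recovery disabled

    def attempt(self, email, answers):
        """Return 'proceed', 'failed' or 'disabled' for one recovery attempt."""
        key = email.strip().lower()
        record = self.members.get(key)
        if record is None:
            return "failed"               # unknown account: nothing to count against
        if key in self.disabled:
            return "disabled"             # correct answers are refused too
        # Check every field (no early exit) and require all of them to match.
        results = [_same(record[f], answers.get(f, "")) for f in self.required]
        if all(results):
            self.failed.pop(key, None)    # assumption: success clears the counter
            return "proceed"              # next step: new email + emailed code
        self.failed[key] = self.failed.get(key, 0) + 1
        if self.failed[key] >= MAX_FAILED_ATTEMPTS:
            self.disabled.add(key)
        return "failed"


# Constructed sample data, not real records.
MEMBERS = {"pat@example.org": {"birth_date": "1980-04-02", "license": "D1234567"}}
GOOD = {"birth_date": "1980-04-02", "license": "D1234567"}
BAD = {"birth_date": "1980-04-02", "license": "D0000000"}


def demo():
    gate = RecoveryGate(MEMBERS, ["birth_date", "license"])
    outcomes = [gate.attempt("pat@example.org", BAD) for _ in range(3)]
    outcomes.append(gate.attempt("pat@example.org", GOOD))
    return outcomes
```

`demo()` shows that once the third failure disables recovery, a fourth attempt with the correct answers is still refused, which is what limits guessing of the identity fields.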