Announcement

Collapse
No announcement yet.

Customer Password Recovery

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Customer Password Recovery

    Seems the Customer Password Recovery is too strong in the way it works and requires customer service to reset in admin.
    1. The link in the email only works once.
    2. If you click on the link again you just get redirected to the login screen.
    3. If you try to send a Password Lookup email again the system does nothing.


    Is this normal behavior?

    MM9.0004 Iron and Wool ReadyTheme 9.0004.
    Jon

    Viscott Limited
    www.viscott.com

    #2
    Re: Customer Password Recovery

    The link should definitely only work once; you wouldn't want someone getting a hold of the email and breaking in later by re-using the reset link. On the email issue, probably best to handle that via support if it's still occurring. Sorry this post hadn't been replied to earlier.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Any new thoughts since 2015 ?

      We're having === A LOT === of calls (probably topic No.1 now) requesting assistance with password reset.

      All people who call are clicking the recovery link, but getting the message that link has already expired. I've looked into the access.log and for most of the cases there are 2 requests with about 1 to 10 seconds time difference. So basically it's the antivirus/browser page pre-load assistant/etc. that opens the link before the customer and of course destroys the single-time-use link.

      Link should be valid for a short amount of time for as many opens as you want until customer changes the password (submits the form).


      ...and again... any thoughts? solutions?

      Comment


        #4
        I checked and confirmed that this issue is on the list to be addressed in a future update but I do not have an ETA.
        David Hubbard
        CIO
        Miva
        [email protected]
        http://www.miva.com

        Comment


          #5
          Interesting catch AHerb . I've noticed the same issue with customer support requests and hadn't been able to track down what was causing this issue.

          Could it be that the same thing is happening with digital download links? I have my digital product links set to expire after four download attempts. I occasionally get messages from customers whose links have expired and they insist they did not click to download more than once or twice yet their four attempts have been used up.
          Todd Gibson
          Oliver + S | Sewing Patterns for Kids and the Whole Family

          Comment


            #6
            Ditto on the interesting catch - I never thought of the links being auto-opened.
            Leslie Kirk
            Miva Certified Developer
            Miva Merchant Specialist since 1997
            Previously of Webs Your Way
            (aka Leslie Nord leslienord)

            Email me: [email protected]
            www.lesliekirk.com

            Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr

            Comment


              #7
              I get the same calls, nice catch.
              Highly caffeinated
              http://www.coffeehouseexpress.com

              Comment


                #8
                That makes sense on the auto link happening. Outlook 2016 is checking more malicious phishing links in the email and when you hover over links it will show you the full link to where the the graphic or text really links too.

                Miva: Has anything been done to address this yet?
                Jon

                Viscott Limited
                www.viscott.com

                Comment


                  #9
                  Not yet AFAIK

                  Comment


                    #10
                    I discovered that on a Mac using Firefox, I will not get a temp password. If I try on a PC it works...
                    Leslie Kirk
                    Miva Certified Developer
                    Miva Merchant Specialist since 1997
                    Previously of Webs Your Way
                    (aka Leslie Nord leslienord)

                    Email me: [email protected]
                    www.lesliekirk.com

                    Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr

                    Comment


                      #11
                      Guys, you probably just don't realize how serious the password-recovery problem is.

                      We ===ARE LOOSING=== clients and money due to the password recovery issue.
                      We get angry emails from annoyed customers. We have to respond to many password related phone calls spending time resetting the passwords, instead of sales.

                      Customer support reports, that it's still topic No.1

                      Please, provide a fix/solution asap.

                      Comment


                        #12
                        Originally posted by AHerb View Post
                        We get angry emails from annoyed customers. We have to respond to many password related phone calls spending time resetting the passwords, instead of sales.
                        Same here
                        Highly caffeinated
                        http://www.coffeehouseexpress.com

                        Comment


                          #13
                          Oh, and security of personal data...
                          What kind of security we're talking about, when most customers do not change the "hello123" (or similar) password set by phone to something different as they are afraid to not be able to login again later?

                          Comment


                            #14
                            So we are new to Miva - we have had a lot of password reset calls since launch on Oct 4th, but it seems to be consistent at least 2 a day. In reading this thread, it seems to be a continued issue.

                            Comment


                              #15
                              We too are having these problems. We joined Miva in October and have seen an uptick in these errors and calls in the last 2 weeks and since the update to the latest version.

                              Comment

                              Working...
                              X