Lock Message Change

fmakram1 · March 23, 2017, 4:04am

If a user requests a password reset, they’re currently given this message:

WE'VE JUST SENT YOU AN EMAIL TO RESET YOUR PASSWORD.

I understand the security reason to be vague here. You can’t confirm or deny if this email has an account. However, this can be extremely frustrating if a user isn’t sent an email yet the system tells the user an email WAS sent.

I suggest this message be changed to something like below, which neither confirms or denies the account, but also doesn’t tell the user an email was sent if it wasn’t.
If your email was found in our account database, you will receive an email shortly!

fady · March 23, 2017, 4:07am

We support doing this already out of the box, this is defined by the success.forgotPassword in languageDictionary you can over ride this easy by the following options.


{
     /* Other lock options */
     languageDictionary: {
         success: {
             forgotPassword: 'If your email was found in our account database, you will receive an email shortly!'
         }
     }
}

Topic		Replies	Views
Customise the "We've just sent you an email" message when user initiates password reset Help lock , password-reset	3	3883	August 28, 2019
Reset password success message Help password-reset , password , email , password-email , email-verification	3	4301	March 2, 2018
I want to change the word of "provide email page for password change" Help lock	6	4419	March 27, 2019
Misleading "email sent" message when recovering password for non-existing account Help password-reset	18	7691	March 2, 2018
Password reset e-mail being sent to non-valid users Help lock , auth0 , password-reset , forgot-password	4	5071	August 26, 2019

Lock Message Change

Related Topics