The OpenCCC Helpdesk reports an increase in /wiki/spaces/OPENAPPLY/pages/120619069, primarily Username & Password reset issues. In 2015, the percentage of incoming account recovery calls rose to 6.13%, up from 4.3% in 2014.
The current Account Recovery process requires users to answer security questions to recover or remember their *Password* so that they can retrieve their login credentials and sign in to their OpenCCC account. Often (X%) the process fails because the student cannot remember their security questions, resulting in calls to the Helpdesk for assistance. At that point, the Helpdesk either helps them regain entry to their security questions or asks them to create a new account. Our system-wide project goal is to minimize duplicate accounts across the system.
Ensure that the user experience is user-friendly, cohesive and complete, from where the user starts the process (Apply, BOG, iA or CAI, or Portal) through the full account recovery process to landing on their original destination.
Implement new functionality in the account recovery process allowing the user to "Reset Password" by way of a secure email link sent directly to the user's <email>. The existing Account Verification page will be revised to include two options (radio buttons) to initiate recovery:
Redesign the Account Recovery / Reset Password functionality in two phases:
Phase I: Redesign the Account Recovery page to include two options: 1) request an email with a link to recover the password; and 2) maintain our existing security questions option (using the same sequence as we use currently).
Phase II: Add an additional option to send the user an SMS text message with a temporary password, which would be reset once they enter the Password Reset page.
Phase I: As a student user, I want an alternative option to reset my account password in addition to the existing security questions option. I want to be able to request an email with a link in it to recover my password. The email should be simple and clean, with minimal words. The email should have a link in it that takes me to the existing Password Reset page. Add the email link option to the existing account recovery page.
# | Title |
---|---|
1 | Revise text and layout of the Account Verification Page to display two radio button response options for password reset: 1) send an email with a secure, unique link to the Reset Password page; and 2) show security questions to get to the Reset Password page. Page includes a "Cambiar A Espanol" button, Spanish hover help for both options, a "Help" link to the existing Help page and a "Continue" button to initiate the process based on the option selected. |
2 | Add logic for: IF user selects "Option 2: Access account by answering security questions" on Account Verification page, THEN: |
2A | Ensure all existing account verification and account recovery logic, conditions, and validation remain in place for answering security questions (number of attempts and validation). |
3A | Add logic for: IF user selects "Option #1: Send me an email link to reset password" on Account Verification page, THEN: |
3B | Develop a secure, unique, randomly-generated, time-sensitive URL link that will allow the User to link directly into the "Password Reset" page from their email account. The URL will expire 24 hours after the user initiates the process by selecting Option 1 and clicking "Continue" on the Account Verification page. |
3C | Implement a system to log all IP addresses from attempts to reset a password in a temp table with a timestamp to track the IP. If there are 15 requests in the course of a minute, then add the IP to a banned IP field in the database that is checked on each request. We will need clean-up processes to delete these temp fields after an hour or so, so that we don't permanently ban an IP address that may be assigned to another person. |
3D | Create and display "Password Reset Email Sent" confirmation page with "OK" button and "Help" link. |
4 | Create and display "Password Reset Email Link Expired" page if the user attempts to access the link after 24 hours, with language and a continue button to return the user to the Account Verification page to start the process over. |
5 | Add Spanish hover help text for radio button options on revised Account Verification page. |
6 | Update specs: OpenCCC Account Data Dictionary - (TBD) |
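One way to implement the throttling in requirement 3C, as an added example rather than OpenCCC code: a sliding one-minute window per IP, a ban on the 15th request, and a clean-up job so bans lapse after an hour. The class name, the in-memory dictionaries standing in for the temp table and banned-IP field, and the exact one-hour ban length are assumptions.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # 3C: "in the course of a minute"
MAX_REQUESTS = 15       # 3C: the 15th request inside the window bans the IP
BAN_SECONDS = 60 * 60   # 3C: clean up "after an hour or so" (assumed: exactly 1h)


class ResetAttemptLimiter:
    """In-memory stand-in for the temp attempts table and banned-IP field."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._attempts = defaultdict(deque)  # ip -> timestamps within the window
        self._banned_until = {}              # ip -> time at which the ban lapses

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        return until is not None and self._clock() < until

    def allow(self, ip):
        """Log one reset attempt; return False if the request must be refused."""
        now = self._clock()
        if self.is_banned(ip):
            return False
        self._banned_until.pop(ip, None)     # ban (if any) has lapsed
        hits = self._attempts[ip]
        hits.append(now)
        while hits[0] <= now - WINDOW_SECONDS:
            hits.popleft()                   # forget attempts older than a minute
        if len(hits) >= MAX_REQUESTS:
            self._banned_until[ip] = now + BAN_SECONDS
            del self._attempts[ip]
            return False
        return True

    def cleanup(self):
        """Periodic job: drop lapsed bans and attempt rows with no recent hits."""
        now = self._clock()
        for ip in [i for i, t in self._banned_until.items() if t <= now]:
            del self._banned_until[ip]
        for ip in [i for i, h in self._attempts.items()
                   if h[-1] <= now - WINDOW_SECONDS]:
            del self._attempts[ip]
```

The check runs before any account lookup or email is sent, so a banned IP gets the same refusal whether or not the account exists.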
1) Revise layout, text, conditions, and logic on existing Account Verification page to improve password recovery process:
We found an existing account based on the information you entered.
Please select one of the following options:
(radio button) Send me an email link to reset my password.
(radio button) Access my account by answering security questions.
Breakdown of New Account Verification Page Conditions
Condition | Trigger | Action |
---|---|---|
IF user selects Option 1: "Send me an email link to reset my password" | Clicking on radio button #1 and clicking "Continue" | |
User clicks on "OK" button on "Password Reset Email Sent" confirmation page | Clicking "OK" on confirmation page | |
IF user selects Option 2: "Access my account by answering security questions." | Clicking on radio button #2 and clicking "Continue" | |
User clicks on "Continue" after entering responses to Security Questions | Incorrect answers | |
User clicks on "Continue" after entering responses to Security Questions | Correct answers | |
2) Show Security Questions input fields and change layout, text, and button position on the Account Verification page when user selects Option #2:
3) Requirements for Option #1: Send "Password Reset Email" message with unique URL link and display "Password Reset Email Sent" confirmation page.
If user selects Option 1: "Send me an email link to reset my password" from the Account Verification page, THEN, initiate the following requirements:
Use the following text in the body of the email
Email Subject line: Your Password Reset Request
NOTE to Developers: It's very important that the User is redirected back into the same workflow they started from. Patty will work with Parker and Josh to describe the goals and objectives for this feature to get assistance articulating all requirements for the URL attributes. Similar to the proxy process, we want the user to have a user-friendly, effective account recovery experience from start to finish. After the user clicks the link from their email account, they should be taken right into the Reset Password page, and after the new password is created and the user logs in, they should be signed in to the application they originally intended to get to when they started account recovery.
4) Display "Password Reset Email Sent" confirmation page with the following onscreen text and button links:
NOTE: It is very important that the user is returned to the application they were originally trying to get to before account recovery (i.e., if the user started the process from a BOG application URL, hit Shib, couldn't remember their password and initiated account recovery/password reset using the email URL link, then after the new password is created and confirmed, the user is returned to the Shib Sign In page and upon successful sign-in will land on the BOG My Applications page). The URL attribute for the BOG application will be included in the email URL, including their CCCID.
5) Add UI page for when the reset link expires (after 24 hours).
1) Page would appear if the user clicks the URL after 24 hours
PW Reset Email Link Expired
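The link in requirement 3B and the expired-link page in item 5, sketched as an added example that is not OpenCCC code: a random token is issued when the user clicks "Continue", only its hash is stored, and a lookup distinguishes a valid, expired or unknown link. The class, the `/reset-password` path, the `dest` key and the choice to keep the CCCID and originating application in the server-side row (so they need not be trusted as they come back in the URL) are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 60 * 60  # 3B: link expires 24 hours after "Continue"


class ResetTokenStore:
    """In-memory stand-in for a reset-token table (constructed for this example)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._rows = {}  # sha256(token) -> {"cccid", "dest", "expires"}

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table cannot be turned back into links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, cccid, dest):
        """Called when the user selects Option 1 and clicks Continue."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "cccid": cccid,
            "dest": dest,  # originating application key (hypothetical, e.g. "bog")
            "expires": self._clock() + TOKEN_TTL_SECONDS,
        }
        return token

    def lookup(self, token):
        """Return ("ok", row), ("expired", None) or ("invalid", None)."""
        row = self._rows.get(self._digest(token))
        if row is None:
            return "invalid", None
        if self._clock() >= row["expires"]:
            return "expired", None  # render the "Link Expired" page
        return "ok", row

    def consume(self, token):
        """Delete the token once the new password is saved (single use)."""
        return self._rows.pop(self._digest(token), None) is not None


def reset_url(base_url, token):
    # base_url is a placeholder; the random token is the only secret in the link.
    return f"{base_url}/reset-password?token={token}"
```

`lookup` is what the Reset Password page calls when the link is opened, and `consume` runs only after the new password has been saved, so reloading the page does not burn the link.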