Forgot Password?

See Also: "Expired Link" message (Re-direct), Generate AUTH link & send to e-mail (Enter e-mail or username)

Generate AUTH link & send to e-mail

See Also: Link active?, Forgot Password? (Enter e-mail or username)

Link active?

See Also: Generate AUTH link & send to e-mail, Open the page to set the new password (YES), "Expired Link" message (NO)

"Expired Link" message

See Also: Link active? (NO), Forgot Password? (Re-direct)

Open the page to set the new password

See Also: Link active? (YES), Set the new & confirm new password

 Make sure the page is HTTPS

Set the new & confirm new password

See Also: Open the page to set the new password, Show the success message

 Password policies consistent?

 Try entering different passwords

 Try with only spaces

Show the success message

See Also: Set the new & confirm new password, Login web-page (Re-direct)

 Navigate to homepage with success message?

 Shows success message on same page where you changed password?

Login web-page

See Also: Show the success message (Re-direct)

AUTH Link

 Make sure the AUTH token is at least 16 characters

 Alphanumeric token

 Token not visible anywhere in the HTTP request headers when the forgot-password request is submitted

 Hard-coded token or dynamic generation?

AUTH Link active?

 What happens to the link if never used?

 Possible to re-use the same link to set new password?

 Tamper with token & see if it still works?

 What message is displayed when link is expired?
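
A server-side sketch of the behaviour the "AUTH Link" and "AUTH Link active?" checks are probing, added here as an example and not part of the original checklist: dynamic alphanumeric tokens, expiry of unused links, single use, and rejection of tampered tokens. The names ResetTokenStore, TOKEN_LEN and TTL_SECONDS, the 32-character length and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits
TOKEN_LEN = 32          # assumption: above the checklist's 16-character minimum
TTL_SECONDS = 15 * 60   # assumption: lifetime of an unused link

class ResetTokenStore:
    """In-memory stand-in for a database table of pending reset links."""
    def __init__(self, now=time.time):
        self._rows = {}   # sha256(token) -> (user, expires_at)
        self._now = now

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        # Dynamic generation from the OS CSPRNG, never a hard-coded value.
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
        # Store only the hash, so a leaked table does not expose live links.
        self._rows[self._digest(token)] = (user, self._now() + TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the user for a valid token, else None. Single use."""
        if len(token) != TOKEN_LEN or any(c not in ALPHABET for c in token):
            return None
        row = self._rows.pop(self._digest(token), None)  # pop: no re-use
        if row is None:
            return None   # unknown or tampered token
        user, expires_at = row
        return user if self._now() <= expires_at else None

def demo():
    clock = [1_000.0]     # constructed clock so expiry can be simulated
    store = ResetTokenStore(now=lambda: clock[0])
    t1 = store.issue("alice")
    tampered = ("A" if t1[0] != "A" else "B") + t1[1:]
    results = {"tampered": store.redeem(tampered),
               "first_use": store.redeem(t1), "reuse": store.redeem(t1)}
    t2 = store.issue("alice")
    clock[0] += TTL_SECONDS + 1   # link never used, then opened too late
    results["expired"] = store.redeem(t2)
    return results
```

Every failure path returns the same None, so the page shown for an expired, re-used or tampered link does not reveal which case applied.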