Wouldn’t it be nice to send a link via email to allow for password Reset instead of a token?
Additionally, for the IAM operator to be able to set a template for the Reset password email that will be sent to the user.
Scenario:
- User presses the forgot password.
- Receives an email, provided the email or username entered exists under an IAM user.
- Upon pressing the link, the User is redirected to the Reset password page.
- The User enters only new password and verifies password, provided it meets strength and complexity.
Cons: We avoid the sending of tokens and the User needing to copy/paste or memorize it to enter it in the existing reset password.
Pros: The Reset password becomes simpler, as the token can be already embedded in the link sent in the email.
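
A sketch of the scenario above, added here as an illustration and not part of the original post or of any IAM product's code: the token is embedded in the emailed link, stored server-side only as a hash, expires, and is consumed on first successful use. The endpoint URL, the 15-minute lifetime, the 12-character minimum standing in for the strength policy, and the in-memory stores are all assumptions.

```python
import hashlib, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

RESET_URL = "https://iam.example.test/reset-password"  # assumed placeholder endpoint
TTL_SECONDS = 15 * 60                                   # assumed link lifetime
MIN_LENGTH = 12                                         # assumed stand-in for the strength policy
USERS = {"alice@example.test": "alice"}                 # constructed sample directory
PENDING = {}  # sha256(token) -> (username, expiry); the raw token is never stored

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(identifier, now=None):
    """Return the link to put in the email, or None if no such user exists.
    The caller should show the same 'check your inbox' page in both cases."""
    now = time.time() if now is None else now
    user = USERS.get(identifier)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    PENDING[_digest(token)] = (user, now + TTL_SECONDS)
    return RESET_URL + "?" + urlencode({"token": token})

def redeem(link, new_password, confirm, now=None):
    """Check the token carried by the link, then the new password.
    Returns the username whose password may now be changed, or raises."""
    now = time.time() if now is None else now
    token = parse_qs(urlparse(link).query).get("token", [""])[0]
    key = _digest(token)
    entry = PENDING.get(key)
    if entry is None or now > entry[1]:
        PENDING.pop(key, None)  # drop expired entries
        raise PermissionError("invalid or expired reset link")
    if new_password != confirm or len(new_password) < MIN_LENGTH:
        # Token stays valid so the user can retry from the same page.
        raise ValueError("password rejected by policy")
    del PENDING[key]  # single use: the same link cannot be replayed
    return entry[0]
```
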