There are various scenarios in which a password needs to be used. A feature that goes hand-in-hand with password use is the ability to change or reset it. The need to change a password arises predominantly for two reasons: 1) as a means of maintaining high security by regularly changing the password so that unauthorized persons do not gain access to the password protected service or product in question and 2) as a means for the authorized user to regain access to it when the password is either forgotten or lost.
Common Password Changing Process
Every service or product that incorporates the username-password facility has an option for changing the password. This option is mainly found in the “Administrative Panel” or the “User Management Panel.” Most of the password changing components follow a common pattern as depicted below.
|Enter Old Password|
|Enter New Password|
|Confirm New Password|
The user is asked to enter his/her old password for authentication. The user then enters the new desired password. A confirmation is provided to ensure the authenticity of the new password. Sometimes a hint option is also provided so that the user can guess his/her password from the hint.
A large number of websites require users to login with a username and password. This feature is common especially among free web service providers who offer free email accounts or free web space. The open nature of the Internet necessitates the use of usernames and passwords so that authorized users alone can gain access to their respective accounts. As stated earlier, users need to change their passwords on a regular basis in order to maintain a high level of security so that the account does not become accessible to any one of the millions of other users on the Internet.
Moreover, since these accounts come free of cost, users sometimes indiscriminately register accounts with a number of service providers. They also assign a different password for each account that they operate. Soon enough they forget the passwords assigned to their accounts and the accounts become inaccessible. Under these circumstances, the user might require the service provider to reset the password so that the account becomes accessible once again.
Service providers provide a way for users to change their passwords through their accounts management interface. The application usually requires users to enter their old password then type in the new password twice for verification. When the new password adheres to all the specifications that the site stipulates, the new password is accepted and becomes the account’s current password. Some websites even prompt users to change their passwords on a periodic basis.
Lost Password Recovery
When it comes to users forgetting their passwords, service providers offer them a way to regain access to their accounts by resetting their passwords for them. To do this, users are normally required to furnish some account details they had entered earlier while creating their account for the first time, so that the authenticity of the password reset request can be determined. The account details required could be the user’s date of birth, their zip code, or the answer to a secret question that they had entered during registration. Once the user enters the correct details, a new password is usually sent by email to a user-specified alternate email account. The user can log into the account with this password and later change the password with the account management interface.