Reset Password via Forgot Password Workflow
A security enhancement has been implemented that limits users to five attempts at guessing the security answer when resetting a password via the “Forgot Password” workflow. Once the limit is exceeded, the account is blocked, and the user must contact support to have the account unlocked and the password reset.
This enhancement mitigates potential security breaches on the Forgot Password page by limiting repeated guessing of the security answer.
When the user clicks the ‘Forgot Password’ hyperlink on the CureMD login page, the system directs the user to the ‘Reset Password’ screen. This screen presents three methods for resetting the password:
- Via Email
- Via Phone
- Answer Security Question
If the user chooses the ‘Answer Security Question’ option and clicks ‘Continue’, they are directed to the ‘Answer the Security Question’ page, where the saved security question is displayed and the user must enter the answer in the text field provided.
If the user enters the wrong answer in the text box, a warning is displayed below the field stating:
‘Answer is incorrect. Please Enter again. Your remaining attempts: Count’
After five wrong attempts, the account gets locked and the user is asked to contact support for account recovery.
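
The behaviour described above can be sketched as a server-side check. This is an added illustration, not CureMD's code: the `Account` class, the function names, the lock message text, the answer hashing and the counter reset on success are all assumptions. The counter lives on the account rather than in the browser session, so opening a new session does not restore attempts, and a locked account rejects even the correct answer until support unlocks it.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # limit stated on the page
# Constructed wording; the page does not give the exact lock message.
LOCKED_MSG = "Account locked. Please contact support."


def _digest(answer, salt):
    # Normalise case and whitespace, then apply a salted slow hash so the
    # stored answer is never kept or compared in plaintext (assumption).
    normalised = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)


class Account:
    """Hypothetical account record holding per-account lockout state."""

    def __init__(self, answer):
        self.salt = os.urandom(16)
        self.answer_hash = _digest(answer, self.salt)
        self.failed_attempts = 0
        self.locked = False


def check_security_answer(account, submitted):
    """Return (accepted, message) for one attempt on the security answer."""
    if account.locked:
        return False, LOCKED_MSG  # no further guesses are evaluated
    candidate = _digest(submitted, account.salt)
    if hmac.compare_digest(candidate, account.answer_hash):
        account.failed_attempts = 0  # assumption: success clears the count
        return True, "Answer accepted."
    account.failed_attempts += 1
    remaining = MAX_ATTEMPTS - account.failed_attempts
    if remaining <= 0:
        account.locked = True
        return False, LOCKED_MSG
    return False, ("Answer is incorrect. Please Enter again. "
                   f"Your remaining attempts: {remaining}")


def support_unlock(account):
    # Stands in for the manual unlock performed by support staff.
    account.locked = False
    account.failed_attempts = 0
```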