Retrieving a Virtual Door Key

I had almost forgotten that the administrators of the WordPress.org website had to reset all passwords a few weeks ago. Until yesterday, that is, when I needed to sign into the site’s support forums, and couldn’t.

My password’s been reset! — Now what?

You can’t miss the notice about the password reset: it’s placed right above the forums’ login form.

WPPWLoginScreen

Clicking on the link in the notice takes you to the announcement on the WordPress News blog.

WPPWResetAnnouncement

It explains the reason for the password reset and, in the second paragraph, tells users that …

[t]o use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one.

The link in that sentence leads directly back to the login form.

What’s problematic is that neither the login page nor the announcement make it sufficiently clear just how you request a new password. In part, this is the result of using inconsistent terms to refer to the corresponding process.

Consistency makes instructions easier to understand

Between the login screen and the news announcement, the authors used three different terms to describe the same thing:

  • “request a new [password]”
  • “recover your password”
  • “reset your password”

The third one is especially confusing: Didn’t the site’s administrators already do exactly that, namely “reset” all passwords?

In most cases, users will want to “recover” their password, because they have forgotten or misplaced it. In this particular situation, however, that term doesn’t quite have the right feel, and “request a new password” seems like a more appropriate choice.

Aside from using this phrase consistently in all references to the global password reset, it would take just a few extra words in the instructions on the login page to make it perfectly clear what the user needs to do next:

On June 21, 2011, we reset all passwords, so you’ll need to request a new one by using the Password Recovery form below if you haven’t already.

When you first need to recover what you need to know to recover what you need

It’s not just the instructional text that leaves some room for improvement: the same applies to the password recovery process itself.

When I entered the username that I had stored in my 1Password vault, and clicked “Recover Password”, the site complained that “[t]he specified user does not exist”.

After trying a few other user names, as well as my email address, which all resulted in the same error, I decided to simply register a new account.

Alas, now the site complained that my “[e]mail [address] already exists” in their database.

WPRegistrationErrorMsg

And so I’m caught in a catch-22: I can’t recover my password, because I can’t remember my user name, and I can’t create a new account unless I would want to maintain a new, additional email address.1

For most of us, our email address is the one “digital identifier” that we use most often and, thus, is the easiest for us to remember. It’s a nasty flaw that the WordPress.org password recovery process does not allow you to use your email address to identify yourself.

Just give me something to identify you

Here’s an example for a more user-friendly way to help users deal with “Login Credentials Amnesia”.

TwitterPWResetScreen

The Captcha nuisance aside, Twitter’s password recovery form accepts both username and email address, and it even uses a single text field for either one.

The instructions on the page are more reassuring than WordPress.org’s, as well: Instead of the latter’s curt “To recover your password, enter your information below.”, the Twitter form not only tells you what to do now — “Please type …” –, but also explains what will happen once you’ve completed that step, namely that “Twitter will send you password reset instructions …”.

Admittedly, the target audience for the WordPress.org site is more tech-savvy than Twitter’s and, thus, more experienced with properly guessing what tech writers really mean with their instructions.

Nevertheless, whenever a user is faced with a serious problem, it’s a welcome courtesy when the options that are available to solve that problem are as helpful, accommodating, and forgiving as possible.


  1. After yet more guesses, I luckily did come up with the correct user name, and successfully retrieved my password.