Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
For several versions now we've kept the terminology "Request new password" for password recovery, whereas in fact we do a one-time login link. This discrepancy confuses the user and also tends to have them not realize that they can use the link just to log in... or that they have to take action after they log in.
We need to rethink this and find new words that tell the user what's really going on.
Comment | File | Size | Author |
---|---|---|---|
#55 | resetPassword.png | 18.74 KB | joyceg |
#53 | D7_passowrdReset_account.png | 24.85 KB | mahalingam_cs |
#53 | D7_Passowrd Reset Form.png | 35.76 KB | mahalingam_cs |
#51 | 734536-51.patch | 5.03 KB | therealssj |
#48 | Terminology_wrong_Request_new_password-734536.patch | 4.85 KB | himanshugautam |
Comments
Comment #1
pillarsdotnet CreditAttribution: pillarsdotnet commented"Request login by email" is literally correct. Is it acceptable?
Comment #2
rfayYes, that works for me.
Comment #3
pillarsdotnet CreditAttribution: pillarsdotnet commentedComment #4
pillarsdotnet CreditAttribution: pillarsdotnet commented#3: request_login_text-734536-3.patch queued for re-testing.
Comment #5
pillarsdotnet CreditAttribution: pillarsdotnet commented#3: request_login_text-734536-3.patch queued for re-testing.
Comment #6
rfayCould this be "Request login link via e-mail"? or is that too long? It's more explicit.
17 days to next Drupal core point release.
Comment #7
pillarsdotnet CreditAttribution: pillarsdotnet commentedThe title should be longer and more explicit than the link text, I think.
Incidentally, there is some inconsistency in "email" versus "e-mail".
Re-rolled with longer/more explicit text in both link and title.
Comment #8
rfayOops.. 'vi email'. Probably standardizing on 'by' would be better than via anyway.
16 days to next Drupal core point release.
Comment #9
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedMarked #255518: Usability: Request new password button incorrectly named as duplicate.
In #255518: Usability: Request new password button incorrectly named there was good discussion about the pretty standard language "Forgot your password?". What if we set the non-logged in links and the /user tab to "Forgot your password?" but set the button to "Request login link by e-mail" and the link titles to "Send a one-time login link to the account e-mail address"?
Here is a patch with these suggestions included.
Comment #10
Everett Zufelt CreditAttribution: Everett Zufelt commentedLooks good. Though, I do always wonder about the efficacy of putting anything important in the title attribute. screen-reader / keyboard only users will have 0 access, and most other people only get access on hover, after they have already made a decision.
Comment #11
rfayI'm good with this terminology.
IMO the title attribute is not just irrelevant for screen-reader users... Nobody ever sees it at all. Especially people who don't already know the answer to the riddle.
Comment #13
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedHmm the patch failed because line #1054 of system.test expects the password reset link to be
$this->drupalPost('user/password', $edit, t('E-mail new password'));
. Should I re-roll the patch with an updated line #1054 for system.test as well?Comment #14
pillarsdotnet CreditAttribution: pillarsdotnet commentedYes.
Comment #15
Bojhan CreditAttribution: Bojhan commentedThis seems like quite a bad direction, can we please research and adapt industry standards on this?
Comment #16
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedHere is #9 with the system.test update.
@Bojhan, what are you referring to when you say "This seems like quite a bad direction"?
Comment #17
Bojhan CreditAttribution: Bojhan commentedIt changes the wording to something you will never see on any other website, but Drupal websites.
Comment #18
drupal_was_my_past CreditAttribution: drupal_was_my_past commented@Bojhan, could you be more specific as to which wording is something you will never see on any site but a Drupal site?
"Forgot your password?" is pretty standard wording, which is why I'm recommending it for the link text and tab title. I'm recommending the less common, but more accurate wording requested in earlier posts for the link titles.
Comment #19
Bojhan CreditAttribution: Bojhan commented@rocket_nova Hmm, am I reading the patch wrong? Can you provide screens for review?
Comment #20
drupal_was_my_past CreditAttribution: drupal_was_my_past commented@Bojhan, Here are some screens to review. I tried to get the hover states as well.
Comment #21
rfay@Bojhan I agree that "forgot your password?" and "reset password" are not unusual at all. What we have (forever) is really odd because it doesn't correlate with what we actually do.
Comment #22
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedRe-rolled after #22336: Move all core Drupal files under a /core folder to improve usability and upgrades core directory structure for Drupal 8 was changed.
Comment #23
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedComment #24
rfayCommit in #1326172: Improve wording of the "Current password" field description on the user edit form broke this patch. Just a minor fix is required.
Comment #26
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedRe-rolled patch from #22 to accommodate #1326172: Improve wording of the "Current password" field description on the user edit form.
Comment #28
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedOops. Missed a test.
Comment #29
rafamd CreditAttribution: rafamd commented"Request login link by e-mail" for the action link label seems too long and confusing. How about "Send instructions" ?
Comment #30
drupal_was_my_past CreditAttribution: drupal_was_my_past commented@rafamd: as pillarsdotnet and rfay said in #18, we're trying to make this more explicit. I think "Send instructions" is too vague.
Comment #31
rafamd CreditAttribution: rafamd commentedre 30: ok, sounds reasonable.
Looking at the screenshots (thanks for suggesting them @Bojhan, they ease evaluation), I've one more comment. In the user edit screen "Current password" field description, the wording is "Reset password" and in the other scenarios it's "Forgot your password?". Why using different terminology for basically the same thing?
Comment #32
rafamd CreditAttribution: rafamd commentedOne more thought ... how about "Send login link by e-mail" instead of "Request login link by e-mail".
Sounds more friendlier, and straightforward. "Request" can imply there are additional steps involved, such as an administrator intervention, etc. while "Send" sounds more automatic.
Comment #33
rafamd CreditAttribution: rafamd commentedsetting better tag
Comment #34
drupal_was_my_past CreditAttribution: drupal_was_my_past commented@rafamd That seems in line with the other language changes. Here is a patch to that effect.
Comment #35
rafamd CreditAttribution: rafamd commentedNice.
What about #31 ? Why don't we use "Forgot your password?" all times instead of having "Reset password" in some places ?
That will bring consistency, as we are speaking of the same functionality every time (even links point to the same place).
Comment #36
Nephele CreditAttribution: Nephele commentedFYI, #75924: Include fields for resetting password on the one-time password reset page has also tackled changing the language of the password reset feature, so I think this issue may be a duplicate.
Comment #39
mgiffordThis still a concern in D8? Unassigned issue too.
Comment #40
rafamd CreditAttribution: rafamd as a volunteer commentedIt'd be an improvement IMHO.
The patch would need a re-roll including what I mentioned on #35 (the last two screenshots shown in #20 still use 'Reset password' instead of the standard 'Forgot password?' we are introducing).
Comment #41
Peacog CreditAttribution: Peacog as a volunteer commentedD8 uses "Reset password" ans "Send password reset instructions via email" consistently on the user login form and the user account form. I've attached some screenshots. I think this means we can mark this issue as fixed.
Comment #42
Peacog CreditAttribution: Peacog as a volunteer commentedSorry, rather than marked as fixed, this should probably be re-rolled for 7.x, using the terminology from 8.x.
Comment #43
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedWe have to be careful about introducing new translatable strings on this form in a stable release though (since it's such a commonly-used end-user-facing form).
However maybe we could consider changing the button text from "E-mail new password" to "Request new password" (since that reuses an existing translated string) - I think that would be an improvement (though contrary to the title of this issue)? It could break some people's automated tests but may be worth it since the current button text is basically just plain wrong.
Comment #44
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedLinking to the issue that changed this in Drupal 8.
Comment #45
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedAs pointed out there though, losing the word "e-mail" from this form may not be great as the user doesn't know what to expect. (Although after they submit the form the confirmation message does tell them they were sent an email.)
Perhaps we should close this issue and open the other for a backport discussion instead (since that is where the most recent relevant discussion from Drupal 8 is).
Comment #46
sachin00700 CreditAttribution: sachin00700 as a volunteer and commentedComment #47
prateek_drupalWe can also name it to "Password Recovery" instead of "Request New Password"
Comment #48
himanshugautam CreditAttribution: himanshugautam commentedpatch re-rolled for Drupal 7.x
changes made as:
"E-mail new password"
to"Request new password"
"Request new password"
to"Reset your password"
"Request new password via email"
to"Send password reset instructions via e-mail"
Comment #49
himanshugautam CreditAttribution: himanshugautam commentedComment #51
therealssj CreditAttribution: therealssj commentedpatch re-rolled for 7.x in accordance with this issue to maintain consistency in d7 and d8.
Comment #52
therealssj CreditAttribution: therealssj commentedComment #53
mahalingam_cs CreditAttribution: mahalingam_cs at TATA Consultancy Services commentedApplied the patch mentioned in #51 and tested the terminology change successfully in D7. Attached the screen print for reference.
Comment #54
mahalingam_cs CreditAttribution: mahalingam_cs at TATA Consultancy Services commentedChanging to the correct status
Comment #55
joyceg CreditAttribution: joyceg commentedThis is a better terminology. Good work.
The patch worked for me.
Comment #56
yoroy CreditAttribution: yoroy commentedComment #57
yoroy CreditAttribution: yoroy commentedPatch still seems to apply, setting back to rtbc.
Comment #58
Fabianx CreditAttribution: Fabianx as a volunteer and at Tag1 Consulting commentedPhew, hard to decide.
Yes, this is great. But the strings are not translated.
Assigning to Gabor to get feedback if we can implement those strings hidden in core, wait for translations to catch up (or copy from D8) and then release this.
Comment #59
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedLet's put it back to "needs review" for that for now.
Those are interesting ideas, but I mentioned in IRC that (a) it might take a very long time for all translations to catch up (either Drupal 7 or 8), and (b) people sometimes override these kinds of strings locally via settings.php or the admin UI (even on an all-English site) which is an issue with breaking "translations" as well.
That's why https://www.drupal.org/node/1527558 has always been very strict about not changing end-user-facing strings (as opposed to admin-facing strings) unless it's a really serious issue.
However, as I also mentioned on IRC, I've been wondering if we could add some kind of opt-in "fallback" translation mechanism to Drupal, whereby if a translation is available for the original string but not the new string, it falls back on displaying the original translated string in preference to the new untranslated string. (As far as I know, WordPress has a system similar to that.) With that in place we could potentially start changing translatable strings much more aggressively, and get issues like this one fixed.
I need to look into it a little more (and probably file a separate issue) although I don't have time for that right at this moment.
Comment #60
therealssj CreditAttribution: therealssj commented@David_Rothstein The opt-in does sound like a good idea but the string must have been changed for some good reason so imho an option which would allow us to define new translations for some specific languages would be even better.
Comment #61
stefan.r CreditAttribution: stefan.r commentedI like the idea of #59...
Comment #62
Chris Matthews CreditAttribution: Chris Matthews commentedI just had a client who was very confused by the /user/password page as he could not understand why the email he received did not contain his new password, even though the tab says 'Request new password' and the button link says "E-mail new password." Is applying the current patch the recommended way to make this process more user friendly?
Comment #63
Chris Matthews CreditAttribution: Chris Matthews commentedI ended up using the String Overrides module to:
Change 'Request new password' to 'Reset your password' (patterned after D8)
Change 'E-mail new password' to 'Submit' (patterned after D8), but I think 'E-mail reset instructions' or 'E-mail instructions' could also work
Then, I displayed a block on /user/password with the following text (patterned after D8)
"After clicking Submit, a link to reset your password will be sent to your registered email address."
Finally, I enabled the simple_pass_reset module to eliminate the one-time login form.
I'm sure there a many ways to accomplish this, but the above solution immediately cleared up the confusion for my client.
Comment #64
prateek_drupal"Request for account reset/recovery" might sound more prominent.