Handling Cannot Remember Password

Could someone please take a look at the pseudo-code below and let me know your thoughts on how I am handling when Users Cannot Remember Their Passwords?


Cannot Remember Password
At {Authenticate Customer}, if the Customer cannot remember his/her Password…
The System asks the Customer to enter his/her Primary E-mail.
The Customer enters his/her Primary E-mail address.
The System verifies that the E-mail address is on file.
The System verifies no more than 3 Password Re-sets have been made for this E-mail within the past 24 hours.
The System generates a Temporary Password (which expires in 4 hours).
The System e-mails the Temporary Password to the Customer’s Primary E-mail.
{Log In and Re-set Password}
The Customer logs in using the correct Username and the Temporary Password.
The System prompts the Customer to re-set his/her password before continuing.
The Customer creates a new Password.
The System updates the Customer’s Password on file.
The System logs in the Customer.
The use-case resumes at the next step…
{Log In but Doesn’t Re-set Password}
The Customer logs in using the correct Username and the Temporary Password.
The System prompts the Customer to re-set his/her password before continuing.
The Customer does not create a new Password.
The use-case ends.
{Log In after 4 Hours}
The Customer attempts to log in using the correct Username and the Temporary Password after 4 hours.
The System informs the Customer that the Temporary Password has expired.
The System instructs the Customer to re-set his/her Password.
The use-case continues at {Cannot Remember Password}.
{More than 3 Password Re-sets}
If more than 3 Password Re-sets have been made for a given E-mail within a 24 hour period…
The System logs the failed attempts.
The System notifies the System Administrator.
The System locks out the Customer Account in question.
The System informs the Customer to contact Customer Service.
The use-case ends.

TomTees
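The flow in the post above, sketched in Python as an added example (not part of the original thread and not TomTees's code). The class and method names, the in-memory stores, the PBKDF2 storage of passwords, the `unknown_email` status and the single-use temporary password are assumptions; the limits (3 re-sets per 24 hours, 4-hour expiry) are the post's.

```python
import hashlib, hmac, secrets
MAX_RESETS = 3             # re-sets allowed per e-mail per window (from the post)
WINDOW = 24 * 3600         # 24 hours, in seconds
TEMP_TTL = 4 * 3600        # temporary password lifetime: 4 hours

def _kdf(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ResetFlow:
    def __init__(self, accounts):
        self.accounts = dict(accounts)   # e-mail -> username (constructed sample data)
        self.requests = {}               # e-mail -> times of recent re-set requests
        self.temp = {}                   # username -> (salt, digest, expires_at)
        self.passwords = {}              # username -> (salt, digest)
        self.locked, self.audit = set(), []

    def request_reset(self, email, now):  # returns (status, temp password to e-mail)
        user = self.accounts.get(email)
        if user is None or user in self.locked:
            return ("unknown_email" if user is None else "locked"), None
        recent = [t for t in self.requests.get(email, []) if now - t < WINDOW]
        if len(recent) >= MAX_RESETS:     # {More than 3 Password Re-sets}
            self.locked.add(user)
            self.audit.append((now, email, "reset limit exceeded; notify admin"))
            return "locked", None
        self.requests[email] = recent + [now]
        temp_pw = secrets.token_urlsafe(12)
        self.temp[user] = (*_kdf(temp_pw), now + TEMP_TTL)  # only a salted digest is kept
        return "sent", temp_pw

    def login_with_temp(self, user, temp_pw, now):
        if user in self.locked:
            return "locked"
        entry = self.temp.get(user)
        if entry is None or not hmac.compare_digest(entry[1], _kdf(temp_pw, entry[0])[1]):
            return "invalid"
        if now >= entry[2]:               # {Log In after 4 Hours}
            self.temp.pop(user)
            return "expired"
        return "must_reset"               # no session until a new password is set

    def set_new_password(self, user, temp_pw, new_pw, now):
        status = self.login_with_temp(user, temp_pw, now)
        if status != "must_reset":
            return status
        self.passwords[user] = _kdf(new_pw)
        del self.temp[user]               # assumption: temporary password is single-use
        return "logged_in"
```

Times are passed in as seconds so the 4-hour and 24-hour branches can be exercised without waiting.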

That was actually an “Exceptional Flow” as part of a larger Use-Case.

It is written correctly, but may not make sense since it is a snippet of the large use-case.

Anyways, as long as my logic seemed okay, that was my only concern.

Thanks for the feedback!

TomTees

P.S. I have two similar posts entitled “Handling Invalid Passwords” and “Handling Invalid Usernames” that I could use some logic checking on. :)

The format is pretty hard to follow, but the process it describes seems reasonably tight.

It doesn’t really look like pseudocode to me, but some odd and unstructured way of describing a process. I would model the process with a diagram first (use scrap paper because it will probably take a few goes before you’re happy with it).

Pseudocode is generally more of a precursor to sitting down and writing the actual code, and is structured in a similar way except that you gloss over low-level details. It can be as rough or as standardised as you like: its only requirement is that it is meaningful to you.

I’m not so sure that pseudocode is even the correct tool to model the above process because it involves multiple requests to different resources. Consider a UML diagram instead. Pseudocode would be better used for describing some of the individual steps in greater detail.

Cheers,
D.

Any comments on my pseudo-code??

TomTees