View on OpenMRS password reset email template

harisu · July 19, 2019, 12:33pm

Hello Everyone, I an @ryan97 are designing a password reset email template and have this concern. Recently there has been a lot of issues and discussion on the web with regard to privacy. We had as a suggestion to in the email template add the user operating system and browser type. We will like to hear your points on whether to use them or not.

We have already considered sending in the email

A subject
Individual who requested
Body with duration for request link to be valid
A call to action
A means of contactin support
A statement to perform no action if the reset was not intended.

Thank you. cc @dkayiwa

dkayiwa · July 20, 2019, 7:01pm

How do other systems do it?

harisu · July 20, 2019, 7:21pm

A bunch of platforms out there don’t have it like Twitter, Payoneer, Udacity while others Do like freelancer etc, Guess you might have seen them too. so I was skeptical about why and if it has any implications. Below is a sample for Payoneer very basic though maybe because they have two sept authentication

The others like Twitter and Udacity follow a similar pattern and don’t have the os and browser information included

dkayiwa · July 20, 2019, 7:31pm

What are you using the os and browser information for?

harisu · July 20, 2019, 7:33pm

They are typically not used except echoed back to the user in the email.

dkayiwa · July 20, 2019, 7:39pm

I would avoid any information which is not needed for this functionality.

harisu · July 20, 2019, 7:42pm

Ok Thank you