Forgot password procedure improvement

Has anyone figured out a way to make the process more user friendly?

Most ecommerce sites do the folllowing:

  1. click on forgot password
  2. enter email address to have a new one sent to you
  3. a) the system sends the forgotten password to the you - most common on platforms that only store address details in profiles, like CS Cart. Most user friendly. b) Receive short, 4-5 character replacement password that is often even memorable.
  4. job done, problem solved.

    Instead, customers are sent a link and the process often fails, causing no end of frustrated support requests. The current system is better than the old random long string of of characters which were no doubt more secure than your average nuclear launch codes but very confusing for customers… but it could still do with some improvement.

    Anyone got any idea how?

Having had a look through customer communication archives and more words with staff, it seems that it’s far from uncommon for peoplpe to be sent in an endless password renewal loop with success maessages at each stage, but no success other than successfully driving once loyal customers insane with frustration.

Surely if there is an error in the process, caused by disabled javascript or an unsupported browser, or whatever - it should let the user (and ideally administrator) know about it?

I think forgot password may be like that..

1) Click on forgot password

2) Enter email address

3) System sends one unique code to email

4) Enter that code... If code is correct then redirects to change password..