Forget Password feature should not accept invalid email addresses
I started deploying this system to my customers and I am getting support issues about the login system. For users, that do not have an account, UserEcho still sends out email. So user assumes they already have an account. Here is some feedback from them:
"I've tried to add an idea but I'm not able to obtain password for authentification. The "forgot password" link doesn't send me a password."
"I was wondering when it was going to ask me to log in using some sort of credentials, and wasn't sure if I had an account on said system. I used the "forgot my password" link and entered my email address, and the system told me information would be emailed to me (which I took to mean that I *did* have an account). But it's been 30 minutes or so and I haven't gotten an email..."
So conclusion: New Users do not have an account. UserEcho should not send email out if this does not exist in system. When user enters email address and requests password, UserEcho should validate email, and if it does not exist in the system , should tell user this.
Now users get correct messages.
No account found with that email address