I prefer to check here rather than opening an issue on github:
on my installation, OJS 2.4.8.2, the page for recovering the password is misleading and several users failed to recover the password flawlessly.
The problem occurs with the “single step for password reset” enabled and regards the possibility to edit the username field, which should be disabled. Is it the default behaviour?
In my experience editing the username field raise always an error (at least with the “single step reset” enabled), and several users do edit that field.
Thanks,
P.
Hi @piero_tasso,
Can you clarify – are they changing the username field, thinking that they can choose a new username for their existing account?
Regards,
Alec Smecher
Public Knowledge Project Team
Yes, some of the users just think that they can change their username, others just do not remember nor recognize their username and they replace the correct one with their institutional account. Another case happened today: the browser (perhaps a password manager?) changed the field putting the email.
I already changed the locale key user.login.changePasswordInstructionsOneStep adding a “Do not modify your username” but with not much luck 
Hi @piero_tasso,
Interesting – and this is the first time I’ve heard this feedback. Off the top of my head, the password reset URL pre-fills the username field, correct? I’d suggest making a change so that the field is made read-only on that form. I’m open to contributions on this, but consider it a low priority.
Regards,
Alec Smecher
Public Knowledge Project Team
1 Like
Correct, and I am not aware of situations where you should edit that field
that’s exactly my thoughts. I’ll have a look into that, maybe (maybe…) I’ll be able to sort it out and to make a pull request.
Thanks and regards,
piero