id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23793	Password Reset is confusing	Collin Anderson	Yiğit Güler	"Ever since #19758 (Avoided leaking email existence through the password reset), I think the password reset is confusing.

- If it's not too late, could we add #19758 to the release notes for 1.6?
- Seems to me, like the comments on the original ticket said, we should still document a code example of how to validate the email address (with a caution about information leakage). (Could just copy the removed code.)
- Maybe we could reword the message ""Password reset successful"", because we're saying it's successful even if it isn't. Maybe something like, ""If we find matching email address, we'll send you an email"".
- Better yet, if there's no match, maybe we could send an email saying ""We're sorry, we couldn't find an account with your email address.""
"	Cleanup/optimization	closed	contrib.auth	1.6	Normal	fixed		cmawebsite@…	Accepted	1	0	0	0	1	0