Sometimes an end customer may complain about the forgot password functionality of magento not working. Unfortunately, one of two things is going on:
- The most common: The customer actually does not have an account on the site.
- There actually is email issues going on from preventing the customer
Unfortunately, the forget password submission has a message that says “We will send you a password if the account exist.” If it doesn't exist - nothing happens. This kind of stinks - but it's actually because of best practice security.
The reason for this is someone can take a list of 100 million addresses (which exist) and then run them through a website's forgot password mechanism. If there is a success or error message like “This account exist and we will send you your password”, and “this account does not exist. Please try again”. Then a beginner hacker can then get a customer list and sell that to your competitors!
So security practices tell website platforms that it is best not to confirm or deny the existence of an account on a website.
But I have a customer who swears they've ordered from us - even more than once before!
It’s more likely this person checked out as a guest and didn’t create an account. This causes more confusion for customers since they think they have an account, but they actually do not. These users have two choices:
- The user should be told they need to create an account.
- Checkout as a guest again.
You can verify the existence or non existence of an account by going to the customers section of magento and searching by email address. If the account exist, it will show up in the list.