Password recovery workflow for app and website
I work in a company that has four mobile apps. Those apps have an iOS and an Android version.
Also, we have the main website.
Having registered, users can log in to the main website or any of the apps. They can also retrieve the password both on the main website or in the apps.
Right now, our password recovery workflow asks the user's email and then (if a user with the entered email is found) sends an email with a recovery link. This recovery email can be used just one time and has an expiration time of 24 hours.
The problems that we are facing are, for example:
- users don't receive the email,
- users receive it but it lands in spam,
- users click the link in email after it has expired,
- users receive the email, click the link, which opens in a mobile browser, they change the password, but then forget to use it to log into the app,
- etc.
I would like to know if there are any "new" password recovery workflows. For example, sending a push notification with a pin code, or sending a deep link to the app in the password recovery email, etc.
Any idea would be appreciated.
Thanks in advance.