id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
1427	require password change upon login with auto-generated password sent via unsecure e-mail	Phil Mocek <pmocek-trac-hacks@…>	mgood	If a password is reset and sent though e-mail (these messages are currently sent in-the-clear) a user should be required to change his password immediately after logging in with the new, ''temporary'' password that was sent to him.	enhancement	closed	normal	AccountManagerPlugin	normal	fixed	password reset e-mail insecure		0.11