"forgot password" should not reset password directly
|Reported by:||moo||Owned by:||Steffen Hoffmann|
|Severity:||major||Keywords:||passwort reset forgot|
it's easy to know which email someone use, trying to reset their password is funny, isn't it?
why not save a temp password in another table/file, so ppl can use it to reset password, and login later.
Change History (18)
comment:11 Changed 7 years ago by
|Keywords:||passwort reset forgot added; needinfo removed|
|Owner:||changed from Matt Good to John Hampton|
|Priority:||normal → high|
|Severity:||normal → major|