Opened 5 years ago

Last modified 5 years ago

#1953 new improve feature

Lost password should be challenge/response before password reset

Reported by: jsfan Owned by:
Priority: minor Milestone: unassigned
Component: BW Profile Keywords: lost password, security
Cc: shevek

Description

  • Issue:

When using the "Lost password" link on the homepage, a new password is issued straight away and emailed to the member.

  • Solution:

Issue a special link and email it. Clicking on this link allows changing the password.

Change History (1)

comment:1 Changed 5 years ago by beatnickgr

after loging in with the new password, i'm back at the page "we just sent you a password, check your email". I'd prefer to be prompted to "mypreferences" in order to put a new password.

Note: See TracTickets for help on using tickets.