[wp-hackers] Lost Password

Alex King lists at alexking.org
Tue Nov 15 21:56:36 GMT 2005


I like your suggestion, but it is slightly less secure. In your flow  
below, someone could theoretically type in the URL with a guessed  
forgotten password key, create a new password and get right in. By  
mailing a new password to the user, someone would have to have access  
to your mailbox to steal your password via the forgot password feature.

Cheers,
--Alex

http://www.alexking.org/



On Nov 15, 2005, at 2:17 PM, John Joseph Bachir wrote:

> 1) fill out lost password form
> 2) system emails you a special URL to visit
> 3) you visit the special URL
> 4) this web page has you type in a new desired password. As a  
> bonus, it automatically logs you in too.

