[wp-hackers] Lost Password
lists at alexking.org
Tue Nov 15 21:56:36 GMT 2005
I like your suggestion, but it is slightly less secure. In your flow
below, someone could theoretically type in the URL with a guessed
forgotten password key, create a new password and get right in. By
mailing a new password to the user, someone would have to have access
to your mailbox to steal your password via the forgot password feature.
On Nov 15, 2005, at 2:17 PM, John Joseph Bachir wrote:
> 1) fill out lost password form
> 2) system emails you a special URL to visit
> 3) you visit the special URL
> 4) this web page has you type in a new desired password. As a
> bonus, it automatically logs in you too.
More information about the wp-hackers