[wp-hackers] Lost Password
sepp at offline.ee
Tue Nov 15 22:07:11 GMT 2005
Actually I think the first step to cure this behaviour might be very
simple: get rid of this first login link which makes you think that this
Replace it with a text "New password on its way. Check your inbox".
Suddenly everything makes perfect sense ;)
just my 2 cents :)
Alex King wrote:
> I like your suggestion, but it is slightly less secure. In your flow
> below, someone could theoretically type in the URL with a guessed
> forgotten password key, create a new password and get right in. By
> mailing a new password to the user, someone would have to have access
> to your mailbox to steal your password via the forgot password feature.
> On Nov 15, 2005, at 2:17 PM, John Joseph Bachir wrote:
>> 1) fill out lost password form
>> 2) system emails you a special URL to visit
>> 3) you visit the special URL
>> 4) this web page has you type in a new desired password. As a bonus,
>> it automatically logs you in too.
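The reset-link flow from the quoted steps 1-4, built so that the key in the URL is impractical to guess (the concern raised in the quoted reply). This is an added example, not part of the thread and not WordPress code; the function names, the in-memory store and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread does not give one

# Hypothetical in-memory store: user -> (sha256 of key, expiry time).
# Only the hash is kept, so a leaked table does not yield usable keys.
_pending = {}


def _digest(key):
    return hashlib.sha256(key.encode("utf-8")).digest()


def issue_reset_key(user, now=None):
    """Steps 1-2: create the key that goes into the emailed URL."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Issuing a new key replaces any earlier one for the same user.
    _pending[user] = (_digest(key), now + RESET_TTL_SECONDS)
    return key


def redeem_reset_key(user, key, now=None):
    """Steps 3-4: True only for the current, unexpired, unused key."""
    now = time.time() if now is None else now
    entry = _pending.get(user)
    if entry is None:
        return False
    stored, expires = entry
    if now > expires:
        del _pending[user]
        return False
    # Constant-time comparison avoids leaking how much of a guess matched.
    if not hmac.compare_digest(stored, _digest(key)):
        return False
    del _pending[user]  # single use: the link stops working once redeemed
    return True


if __name__ == "__main__":
    k = issue_reset_key("alice")
    print("guessed key accepted:", redeem_reset_key("alice", "guess"))
    print("emailed key accepted:", redeem_reset_key("alice", k))
    print("second use accepted: ", redeem_reset_key("alice", k))
```

A caller would set the new password and log the user in only when `redeem_reset_key` returns True, and would rate-limit failed attempts per user and per address.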