[wp-hackers] Lost Password

Sepp sepp at offline.ee
Tue Nov 15 22:07:11 GMT 2005

Actually I think the first step to cure this behaviour might be very 
simple: get rid of this first loginlink which  makes you think that this 
was all.
Replace it with a text "New password on it's way. Check your inbox".
Suddenly everything makes perfect sense ;)

just my 2 cents :)



Alex King wrote:

> I like your suggestion, but it is slightly less secure. In your flow  
> below, someone could theoretically type in the URL with a guessed  
> forgotten password key, create a new password and get right in. By  
> mailing a new password to the user, someone would have to have access  
> to your mailbox to steal your password via the forgot password feature.
> Cheers,
> --Alex
> http://www.alexking.org/
> On Nov 15, 2005, at 2:17 PM, John Joseph Bachir wrote:
>> 1) fill out lost password form
>> 2) system emails you a special URL to visit
>> 3) you visit the special URL
>> 4) this web page has you type in a new desired password. As a  bonus, 
>> it automatically logs in you too.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list