[wp-hackers] Lost Password
Sepp
sepp at offline.ee
Tue Nov 15 22:07:11 GMT 2005
hi
Actually I think the first step to cure this behaviour might be very
simple: get rid of this first login link which makes you think that this
was all.
Replace it with a text "New password on its way. Check your inbox".
Suddenly everything makes perfect sense ;)
just my 2 cents :)
sepp
http://sepp.offline.ee
Alex King wrote:
> I like your suggestion, but it is slightly less secure. In your flow
> below, someone could theoretically type in the URL with a guessed
> forgotten password key, create a new password and get right in. By
> mailing a new password to the user, someone would have to have access
> to your mailbox to steal your password via the forgot password feature.
>
> Cheers,
> --Alex
>
> http://www.alexking.org/
>
>
>
> On Nov 15, 2005, at 2:17 PM, John Joseph Bachir wrote:
>
>> 1) fill out lost password form
>> 2) system emails you a special URL to visit
>> 3) you visit the special URL
>> 4) this web page has you type in a new desired password. As a bonus,
>> it automatically logs you in too.
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>