• You are not logged in.
  • 1

Bug report - Password request

  • Started by Abdulhalim
  • 4 Replies
  • Abdulhalim
  • Member
  • Reputation: 17
  • From: Iran, BND
  • Registered: 28-06-2016
  • Posts: 125

Hello ,

Maybe this is not a bug , But it will be annoying for users .
We assume I am devil person big_smile , and iI know somebody's email address , So I request a new password with somebody else's email address . the system will quickly change the password and send a mail to the person , The person has to click the activation link to active his/her new password . but he/she didn't request the password . It will be annoying if this process repeated .

The secret of staying young is to live honestly, eat slowly, and lie about your age.

I’m working on improving my English

Offline
  • 0
  • Chris98
  • Project Manager
  • Reputation: 51
  • From: England, United Kingdom
  • Registered: 15-04-2015
  • Posts: 512

There are actually a few steps in place to prevent this from happening; We prevent the same IP address or user from requesting more than one password reset within an hour and the user has to actually click the activation link before the password is changed.

That said, we could do more. I also believe in setting a specified time period, such as 24 hours for the new password to be active for before it expires.

Kind regards,
Christopher Marshall
chris [at] get-aura [dot] org

Project Manager

Offline
  • 0
  • Abdulhalim
  • Member
  • Reputation: 17
  • From: Iran, BND
  • Registered: 28-06-2016
  • Posts: 125

Hmmm , If I don't click on activation link , my current password remains or not ?

The secret of staying young is to live honestly, eat slowly, and lie about your age.

I’m working on improving my English

Offline
  • 0
  • Chris98
  • Project Manager
  • Reputation: 51
  • From: England, United Kingdom
  • Registered: 15-04-2015
  • Posts: 512

Yes. Your password is only changed if you click on the activation link which is sent in the email.

Kind regards,
Christopher Marshall
chris [at] get-aura [dot] org

Project Manager

Offline
  • 0
  • Abdulhalim
  • Member
  • Reputation: 17
  • From: Iran, BND
  • Registered: 28-06-2016
  • Posts: 125

You right , last night when I checked the forgot password function , I clicked on activation link but I didn't change my password, Today i faced to wrong password warning ... My bad

The secret of staying young is to live honestly, eat slowly, and lie about your age.

I’m working on improving my English

Offline
  • 0

Users in this topic: 0 guests, 0 registered users

  • 1