allows users to have their password reset in case they have forgotten it.
Note: you must have at least one valid registered e-mail to be able to reset your password. If none of your registered e-mail addresses is valid, and you have forgotten your password, contact webmaster@exampleNOSPAM.com.
- Where are multiple e-mail addresses stored?
- It would be much friendlier if the e-mail address is shown here. Otherwise the user has to check elsewhere if the email address is correct. And s/he will never be sure if the e-mail address on the user page is used or perhaps a different one.
Anyone can use this page to reset the password of someone else. It would be better if
- the user with the given LoginName was sent an e-mail
- the user clicks on the link in the e-mail
- the user lands on a feedback page stating that the password has been reset
Also all related links on the page should be made less distracting.
E-mail addresses are not shown precisely because of the security implications of showing them.
Multiple email addresses are stored as a list. As the prompt says on ChangeEmailAddress: "New e-mails (space-separated list):"
When a user visits that page, they are shown their registered Email addresses.
Yes, anyone can reset anyone else's password; of course they can. How else is someone who has forgotten their password supposed to request a password reset?
The user with the given LoginName is sent an email, with the new password. Further complicating the reset process (requiring a second verification step) is IMHO unnecessary.
I can agree with the idea that related links should be improved. But it's Low priority.
How else is someone who has forgotten their password supposed to request a password reset?
Like steps 1-3 above. This is not further complicating, but normal process flow.
This appears to be how it works now...
Dear New User
Login name "NewUser"
Your password has been changed to "8920941650".
Please visit http://t42p/cgi-bin/TWiki4/bin/view/TWiki/ChangePassword?username=NewUser to change your password to something more memorable for you.
If you have any questions, please contact 0.
- 02 Jun 2007
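The three-step flow proposed in this discussion (send a link by e-mail, the user follows it, and only then is the password reset), as an added example that is not TWiki code and not part of any comment above. The class, function names, token lifetime and the choice to let the user pick the new password on the landing page are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed link lifetime in seconds


def _digest(token):
    # Store only a hash of the token, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


def _hash_password(password):
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ResetFlow:
    """Hypothetical confirm-before-reset flow; every name here is illustrative."""

    def __init__(self, accounts):
        self.accounts = accounts  # login name -> stored password record
        self.pending = {}         # login name -> (token digest, expiry time)

    def request_reset(self, login, now=None):
        """Step 1: anyone may call this, but the password is not changed here."""
        now = time.time() if now is None else now
        if login not in self.accounts:
            return None           # the page shown should not reveal this
        token = secrets.token_urlsafe(32)
        self.pending[login] = (_digest(token), now + TOKEN_TTL)
        return token              # placed in the e-mailed link only

    def confirm_reset(self, login, token, new_password, now=None):
        """Steps 2-3: the e-mailed link was followed; verify, then reset."""
        now = time.time() if now is None else now
        entry = self.pending.get(login)
        if entry is None:
            return False
        digest, expiry = entry
        if now > expiry:
            del self.pending[login]
            return False
        if not hmac.compare_digest(digest, _digest(token)):
            return False          # wrong guess leaves the real link usable
        del self.pending[login]   # single use
        self.accounts[login] = _hash_password(new_password)
        return True
```

With this shape, a request made by a third party only produces an e-mail to the account owner; the existing password keeps working until the owner follows the link.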