[wp-hackers] On overly-obscure passwords

Mark Waterous lists at watero.us
Thu May 6 17:48:42 UTC 2010


I realize that, which was the point of my explaining why it couldn't be
reduced to a single step process from the current two-step process.
Supplying a form as step two of the process instead of firing off a second
email is a good idea though.


-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of John
Blackbourn
Sent: Thursday, May 06, 2010 10:43 AM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] On overly-obscure passwords

@Mark Waterous: The password wouldn't be reset when a username is
entered into the password recovery form, so the situation of people
being able to reset your password just by entering your username
wouldn't happen. In fact nothing would happen until you click the
authorisation link in the email and then fill out a new password.
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list