Replies: 1 comment
Hi @silavjy! Thanks for reporting this feature request to us. I will report it to the team and we will keep you posted about it. Thank you! cc @Alkorin
AS IS
The current procedure to reset a password:
1. From the account details we click on the security tab and then click on the change button next to the password item:
2. A popup appears explaining that an email with instructions is to be sent to the email address for the account to be updated:
3. An email is received with a link to update the password:
4. On clicking the link, a page opens with the following form:
Problem statement: The issue is that the password can be changed by a person other than the user in case someone else gets hold of that email (especially if the account doesn't have 2FA activated). This is a security risk.
TO BE
On step 4 it is suggested to request the user to enter the old password prior to changing the credentials.
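The check proposed under TO BE, as an added example that is not part of the original post or of the service's own code: the form opened from the emailed link accepts the change only when both the link token and the old password verify. The `Account` class, `TOKEN_TTL` and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL = 900  # seconds; assumed lifetime of the emailed link


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme for this sketch: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class Account:  # hypothetical account record
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.token_hash = None
        self.token_expiry = 0.0

    def issue_change_token(self, now=None) -> str:
        """Steps 1-3: create the single-use token carried by the emailed link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.token_hash = hashlib.sha256(token.encode()).digest()  # store only a hash
        self.token_expiry = now + TOKEN_TTL
        return token

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)

    def change_password(self, token, old_password, new_password, now=None) -> bool:
        """Step 4: possession of the link alone is not enough."""
        now = time.time() if now is None else now
        if self.token_hash is None or now > self.token_expiry:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        token_ok = hmac.compare_digest(presented, self.token_hash)
        old_ok = self.check_password(old_password)
        if not (token_ok and old_ok):
            return False
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(new_password, self.salt)
        self.token_hash = None  # the link cannot be replayed
        return True
```
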