Xonotic Forums

Full Version: Forum password reset security
I notice the mechanism for resetting a password for the Xonotic Forums has quite an insecure step: your new, temporary password is sent in plaintext to your email account. Secondly, once you log in using this password you are not automatically taken to the change password screen, instead being dropped off at the main page.

Would it be possible to have the first password reset link take you to a page where you can enter your new password straight away, rather than leaving the account somewhat more vulnerable until the user changes their password manually?
I don't see how your alternative would make it any harder from an adversarial point of view. It would make it less foolproof by forcing users to change their passwords, but that's all.

Anyway, I couldn't find a way. Sorry :x