Forum password reset security - MrDetonia - 03-28-2015

I notice the mechanism for resetting a password for the Xonotic Forums has quite an insecure step: your new, temporary password is sent in plaintext to your email account. Secondly, once you log in using this password you are not automatically taken to the change password screen, instead being dropped off at the main page.

Would it be possible to have the first password reset link take you to a page where you can enter your new password straight away, rather than leaving the account somewhat more vulnerable until the user changes their password manually?

RE: Forum password reset security - Mr. Bougo - 03-28-2015

I don't see how your alternative would make it any harder from an adversarial point of view. It would make it less foolproof by forcing users to change their passwords, but that's all.

Anyway, I couldn't find a way. Sorry :x