Login

I notice the mechanism for resetting a password for the Xonotic Forums has quite an insecure step: your new, temporary password is sent in plaintext to your email account. Secondly, once you login using this password you are not automatically taken to the change password screen, instead being dropped off at the main page.

Would it be possible to have the first password reset link take you to a page where you can enter your new password straight away, rather than leaving the account somewhat more vulnerable until the user changes their password manually?

I don't see how your alternative would make it any harder from an adversarial point of view. It would make it less foolproof by forcing users to change their passwords, but that's all.

Anyway, I couldn't find a way. Sorry :x

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[BUG] Forum software swallows newlines	ballerburg9005	3	2,166	11-01-2021, 08:51 AM Last Post: ballerburg9005
	[SUGGESTION] New Forum Section: Servers	Antares*	1	2,113	02-08-2021, 02:27 PM Last Post: LegendGuard
	[BUG] No proper Unicode handling in forum	Lyberta	1	2,519	08-13-2019, 03:10 PM Last Post: hotdog
	[SUGGESTION] Discourse Forum	PetaByteBoy	9	9,652	03-08-2016, 01:46 PM Last Post: Beagle
	[SUGGESTION] a sub-forum for user and game server admin communication	BuddyFriendGuy	6	6,050	09-04-2015, 02:12 AM Last Post: BuddyFriendGuy
	[SUGGESTION] Sorting forum members by reputation?	unfa	11	14,991	11-11-2013, 05:01 AM Last Post: edh
	[SUGGESTION] Idea: Forum cleanup?	Samual	14	19,657	10-22-2013, 09:14 AM Last Post: unfa
	[SUGGESTION] WOULD LIKE A CTS VID SECTION IN FORUM	chooksta	7	6,760	11-29-2011, 04:09 AM Last Post: PinkRobot
	[SUGGESTION] Forum section: International	Exitium	16	17,692	09-29-2011, 04:22 AM Last Post: RaptorFX
	[SUGGESTION] Requests for the forum	Mirio	10	10,967	08-12-2011, 10:35 AM Last Post: kojn^