Hey,
Right now, when an email is changed on a forum, the confirmation of the new email is sent to the new email. This is good because the new email obviously needs to be confirmed, but it's also highly insecure. If a forum account was compromised, they can do everything including changing the email and password of the account.
I would like a security feature that requires a confirmation from the current email address prior to sending the confirmation to the new email address. It would look something like:
If possible, this could also be implemented for password changes, where a user has to confirm a new password via their current email.
Thanks
Right now, when an email is changed on a forum, the confirmation of the new email is sent to the new email. This is good because the new email obviously needs to be confirmed, but it's also highly insecure. If a forum account was compromised, they can do everything including changing the email and password of the account.
I would like a security feature that requires a confirmation from the current email address prior to sending the confirmation to the new email address. It would look something like:
If possible, this could also be implemented for password changes, where a user has to confirm a new password via their current email.
Thanks
