
Password retrieval?

#3
Can we disable that we can type a user's name? It's public info and anyone can send password resets to admins etc. It isn't a security issue, it just can become an annoyance.
 

OperaManiac

Well-known member
#5
Can we disable that we can type a user's name? It's public info and anyone can send password resets to admins etc. It isn't a security issue, it just can become an annoyance.
mmm. password reset mails are sent to users not admins! the new passwords are generated automatically and admins are not involved in any way!
 
#7
mmm. password reset mails are sent to users not admins! the new passwords are generated automatically and admins are not involved in any way!
I must have not explained myself clearly, it happens lol. Can we disable typing in a username in the reset form and only enable an email to be typed in?

go to the form and see how it is and you can see how it is now.
 

OperaManiac

Well-known member
#8
i just tested it out. it seems like any other password request form i have seen on the web!

it does not show a dropdown with matching user names which i feared you were talking about.

having both username and email id is a good thing imo.

if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes in handy.

i actually know a couple of people who do not use their primary email id for forums.

they would use something like:

username+forumname@gmail.com

this works fine because gmail would still send the mail to username@gmail.com but since it has the keyword in it, you can easily filter the emails based on that parameter.

the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
 

Floris

Guest
#9
Even if someone fake resets it, they don't have access to your email, so nothing to reset.
 

OperaManiac

Well-known member
#10
righto. nothing happens as long as the user does not click a link in the mail that is delivered to the user.

i actually have seen some services that would send you a new password on this step! i cannot pinpoint any specific one at this time but yeah there are definitely some services out there!
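The flow described in the posts above (a reset request only mails a link, and nothing changes until that link is used), sketched as an added example that is not part of the thread or the forum software's own code. The class, the field names, the one-hour link lifetime and the 15-minute throttle are assumptions; the throttle addresses the repeated-request annoyance raised in the first post.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600      # assumed: reset link is valid for one hour
MIN_INTERVAL = 900    # assumed throttle: one reset mail per account per 15 min

class ResetService:
    def __init__(self, users):
        self.users = users    # username -> {"email": ..., "password": ...}
        self.pending = {}     # username -> (sha256 of token, expiry time)
        self.last_sent = {}   # username -> time the last reset mail went out
        self.outbox = []      # (email, token) pairs standing in for real mail

    def _find(self, identifier):
        ident = identifier.strip().lower()
        for name, rec in self.users.items():
            if ident in (name.lower(), rec["email"].lower()):
                return name
        return None

    def request_reset(self, identifier, now=None):
        now = time.time() if now is None else now
        name = self._find(identifier)
        if name is not None:
            last = self.last_sent.get(name)
            if last is None or now - last >= MIN_INTERVAL:
                token = secrets.token_urlsafe(32)
                digest = hashlib.sha256(token.encode()).hexdigest()
                self.pending[name] = (digest, now + TOKEN_TTL)
                self.last_sent[name] = now
                self.outbox.append((self.users[name]["email"], token))
        # The password is untouched here; the reply is the same in every case.
        return "If that account exists, a reset link has been emailed."

    def confirm_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        for name, (stored, expiry) in list(self.pending.items()):
            if secrets.compare_digest(stored, digest) and now < expiry:
                self.users[name]["password"] = new_password  # stand-in for a hash
                del self.pending[name]                       # link is single use
                return True
        return False

if __name__ == "__main__":
    svc = ResetService({"admin": {"email": "admin@example.test", "password": "old"}})
    svc.request_reset("admin")
    print(svc.users["admin"]["password"], len(svc.outbox))
```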
 

HydraulicJack

Well-known member
#11
The link is shown after you filled in a wrong password or username/mail:
Hmm seems like we should have the option to show the forgot password link without the user taking that step.
Some people arrive knowing that they don't know their password so they don't enter any.
I already have one prospective user who tripped up on that and so did I!
 

James

Well-known member
#15
i just tested it out. it seems like any other password request form i have seen on the web!

it does not show a dropdown with matching user names which i feared you were talking about.

having both username and email id is a good thing imo.

if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes in handy.

i actually know a couple of people who do not use their primary email id for forums.

they would use something like:

username+forumname@gmail.com

this works fine because gmail would still send the mail to username@gmail.com but since it has the keyword in it, you can easily filter the emails based on that parameter.

the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
Does gmail still have this? We can add the +whateverwewant and it still goes to our e-mail?
 

Erik

Well-known member
#19
Yeah, just tried. Gmail filters basically any characters that they disallow it seems?
Not exactly. Periods ('.') are filtered such that you can add them in an address and it won't affect anything. example.user@gmail.com is effectively the same as exampleuser@gmail.com or e.x.a.m.p.l.e.u.s.e.r@gmail.com.

You can append strings to the address using the plus character ('+'), and any email sent to this address will be received by the original account. For example, you can do exampleuser+anythinghere@gmail.com. The email will be received as if it was sent to exampleuser@gmail.com. However, the to: header still shows exampleuser+anythinghere@gmail.com, which allows you to do some powerful filtering within Gmail. :)
 

OperaManiac

Well-known member
#20
mmm this is what i said above!

what i meant was that u cannot use + in the place of . and . in the place of +!

the +xyz trick is mentioned above!