Password retrieval?

Sort by date Sort by votes
Brandon_R said:
Can we disable that we can type a user's name? It's public info and anyone can send password resets to admins etc. It isn't a security issue just can become an annoyance.
Click to expand...

mmm. password reset mails are send to users not admins! the new passwords are generated automatically and admins are not involved in any way!
 
Upvote 0 Downvote
OperaManiac said:
mmm. password reset mails are send to users not admins! the new passwords are generated automatically and admins are not involved in any way!
Click to expand...
I must of not explained myself clearly, it happens lol. Can we disable typing in a username in the reset form and only enable an email to to typed in?

go to the form and see how it is and you can see how it is now.
 
Upvote 0 Downvote
i just tested it out. it seems like any other password request form i have seen on the web!

it does not show a dropdown with matching user names which i feared you were talking about.

having both username and email id is a good thing imo.

if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes handy.

i actually know a couple of people who do not use their primary email id for forums.

they would use something like:

username+forumname@gmail.com

this works fine because gmail would still send the mail to username@gmail.com but since it has the keyword in it, you can easily filter the emails based on that parameter.

the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
 
Upvote 0 Downvote
righto. nothing happens as long as the user does not click a link in the mail that is delivered to the user.

i actually have seen some services that would send you a new password on this step! i cannot pinpoint any specific one at this time but yeah there are definitely some services out there!
 
Upvote 0 Downvote
dutchbb said:
The link is showed after you filled in a wrong password or username/mail:
Click to expand...
Hmm seems like we should have the option to show the forgot password link without the user taking that step.
Some people arrive knowing that they don't know their password so they don't enter any.
I already have one prospective user who tripped up on that and so did I!
 
Upvote 0 Downvote
OperaManiac said:
i just tested it out. it seems like any other password request form i have seen on the web!

it does not show a dropdown with matching user names which i feared you were talking about.

having both username and email id is a good thing imo.

if a user lands on your forum... he might not remember the email id he used to register on the forum. so username comes handy.

i actually know a couple of people who do not use their primary email id for forums.

they would use something like:

username+forumname@gmail.com

this works fine because gmail would still send the mail to username@gmail.com but since it has the keyword in it, you can easily filter the emails based on that parameter.

the reason behind using this form of email id is that you can recognize the company that sold your email id to spammers if you start getting spam on it!
Click to expand...
Does gmail still have this? We can add the +whateverwewant and it still goes to our e-mail?
 
Upvote 0 Downvote
James said:
Yeah, just tried. Gmail filters basically any characters that they disallow it seems?
Click to expand...
Not exactly. Periods ('.') are filtered such that you can add them in an address and it won't affect anything. example.user@gmail.com is effectively the same as exampleuser@gmail.com or e.x.a.m.p.l.e.u.s.e.r@gmail.com.

You can append strings to the address using the plus character ('+'), and any email sent to this address will be received by the original account. For example, you can do exampleuser+anythinghere@gmail.com. The email will be received as if it was sent to exampleuser@gmail.com. However, the to: header still shows exampleuser+anythinghere@gmail.com, which allows you to do some powerful filtering within Gmail. :)
 
Upvote 0 Downvote

Similar threads

Ozzy47
[OzzModz] Security Lock Old Accounts
2 3
Replies
58
Views
3K
Ozzy47
Ozzy47
Mouth
  • Question Question
XF 2.2 Lost password log - how frequently is the lost password form being triggered?
Replies
0
Views
118
Mouth
Mouth
S
Require password reset upon login
Replies
2
Views
327
stromb0li
S
kontrabass
  • Question Question
XF 2.2 Possible to check value of http header with conditionals?
Replies
0
Views
156
kontrabass
kontrabass
S
  • Question Question
XF 2.2 How to revert user profile changes done by spam?
Replies
0
Views
149
Sadiq6210
S
Top Bottom