Skip to Main Content
Product Suggestions
Status Shipped
Created by Guest
Created on May 11, 2018

Send password reset link rather than plain-text password

The Forgotten Password part of the registration plug-in should not email plan-text passwords to people. It should just give you a one-time link with an expiry date/time to set a new password.

  • Attach files
  • Admin
    Andrew Ardron
    Reply
    |
    Jan 8, 2021

    This idea was actually completed as a side-effect of having moved our authentication to use an Azure AD back-end. Password resets no longer send you a temporary password in plain text. Azure AD now handles all of this for us and sends a verification code that lets the user reset the password in a much more modern and secure way. Thanks for all the input. Glad to be closing off one more product suggestion!

  • Guest
    Reply
    |
    May 11, 2018

    this idea has technical notes but you can't see them on this portal

  • +11