Send password reset link rather than plain-text password
The Forgotten Password part of the registration plug-in should not email plan-text passwords to people. It should just give you a one-time link with an expiry date/time to set a new password.
This idea was actually completed as a side-effect of having moved our authentication to use an Azure AD back-end. Password resets no longer send you a temporary password in plain text. Azure AD now handles all of this for us and sends a verification code that lets the user reset the password in a much more modern and secure way. Thanks for all the input. Glad to be closing off one more product suggestion!
This idea was actually completed as a side-effect of having moved our authentication to use an Azure AD back-end. Password resets no longer send you a temporary password in plain text. Azure AD now handles all of this for us and sends a verification code that lets the user reset the password in a much more modern and secure way. Thanks for all the input. Glad to be closing off one more product suggestion!
this idea has technical notes but you can't see them on this portal