author | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:52:07 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:52:07 +0300 |
commit | d6a5101a691cf6260f83d03978f6c9d37d5ea6f5 (patch) | |
tree | d9591165252d882898d16528a430a83bd64b1d4c /yuck.mdwn | |
parent | c3fb1165df74aa3e3a8ce18983f4c05721632780 (diff) | |
download | ick.liw.fi-d6a5101a691cf6260f83d03978f6c9d37d5ea6f5.tar.gz |
Add: notion of single-use random link for password resets
Diffstat (limited to 'yuck.mdwn')
-rw-r--r-- | yuck.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -167,7 +167,9 @@ reference in discussions. need. * (PRIVACYLEAK) Yuck MUST NOT leak personal information. * (PWRESET) Yuck MUST support the user resetting their password, - securely. + securely. Possibly by supporting a random, single-use link that can + be communicated to the user (perhaps via email) to allow them to + change the password. * (TEMPLOCK) Yuck MUST support locking an account temporarily, if it is the target of too many failures. This is to avoid an attacker from brute-forcing a password by trying many times. |
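Review bot: The sentence added to the PWRESET item hangs "Possibly" and "perhaps" onto a MUST requirement, so a reader cannot tell whether the random, single-use link is required, recommended, or only an illustration. Consider keeping the MUST as "securely." and moving the mechanism into its own sentence with an explicit keyword, for example "Yuck SHOULD do this with a random, single-use link sent to the user." The text also says "single-use" but gives no lifetime for a link that is never used. If the link is meant to expire after a set time, and to stop working once the password has been changed, the requirement should say so. Since the TEMPLOCK item that follows already covers repeated failures, it is also worth stating whether repeated reset requests for one account count toward that limit.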