Diffstat (limited to 'yuck.mdwn')
-rw-r--r-- | yuck.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -167,7 +167,9 @@ reference in discussions. need. * (PRIVACYLEAK) Yuck MUST NOT leak personal information. * (PWRESET) Yuck MUST support the user resetting their password, - securely. + securely. Possibly by supporting a random, single-use link that can + be communicated to the user (perhaps via email) to allow them to + change the password. * (TEMPLOCK) Yuck MUST support locking an account temporarily, if it is the target of too many failures. This is to avoid an attacker from brute-forcing a password by trying many times. |
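Review bot: the added PWRESET text does not bound the reset link's lifetime, and it hedges with "Possibly" and "perhaps" inside a MUST requirement, which makes the requirement hard to test. The new sentence asks for "a random, single-use link" but says nothing about expiry; a link delivered by email that stays valid until it is used remains usable by anyone who later gains access to that mailbox. Suggest stating that the link MUST expire after a short, fixed time, that its random part MUST come from a cryptographically secure generator, and, given PRIVACYLEAK in the context lines above, that requesting a reset MUST NOT reveal whether an account exists. If the link mechanism is meant as an illustration rather than a requirement, moving it into a separate non-normative note would keep the MUST clause unambiguous.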