| 2011-10-12 18:53:39 |
Māris Fogels |
description |
We no longer need to force password-enabled users to change their password after login. The site uses SSL encryption to serve the page that displays the randomly generated password to the user.
There should be no problem removing the password change step because this is a limited-time trial, meant for a single user, and the password is sent to the user via an encrypted channel.
Resolving this issue would also make the password-enabled login *much* smoother and simpler. It would eliminate the difficult task of communicating complex login steps to the user. |
We no longer need to force password-enabled users to change their password after login. The site uses SSL encryption to serve the page that displays the randomly generated password to the user.
There should be no problem removing the password change step because this is a limited-time trial, meant for a single user, the password is random, and the password is sent to the user via an encrypted channel.
Resolving this issue would also make the password-enabled login *much* smoother and simpler. It would eliminate the difficult task of communicating complex login steps to the user. |
|
