Strengthen the password-reset-by-email feature

Bug #1026982 reported by François Marier on 2012-07-20
This bug affects 1 person
Affects: Libravatar
Importance: High
Assigned to: Unassigned

Bug Description

Here are some good tips on how to strengthen password resets via email:

  http://security.stackexchange.com/questions/1918

François Marier (fmarier) wrote :

Now that Persona support is gone (bug 1533018), we need to make sure that password resets are solid.

Currently, the logic in account/forms.py::PasswordResetForm() is broken because it assumes that if you don't have a password set, you shouldn't be able to reset it and should instead use OpenID or Persona to log in.

description: updated
Changed in libravatar:
assignee: nobody → François Marier (fmarier)
status: Triaged → Confirmed
importance: Low → High
tags: added: passwords
Changed in libravatar:
assignee: François Marier (fmarier) → nobody