locked Re: ANOTHER DISASTER - a member reset another member's password


 

J,

In trying to help my transferred member figure out how to reset (or
actually, create) a password, someone in my group posted a link to her
OWN "reset password" link that she received in the transfer email. She
warned people not to click on it since it might reset HER password.
Nobody thought that could actually happen, but unfortunately, it did:
someone else clicked on the link and inadvertently re-set the other
member's password.
Yeah, there's basically no defense for this one. Forwarding a password reset link is in its way worse than posting your password - because the reset not only gives the stranger access, but also locks you out.

I am now in an offlist pow-wow with the two of them, trying to figure
out how to rectify the situation.
I read in other messages that they have it straightened out. So that's good.

However, even if the second member couldn't be reached, or couldn't remember what the new password was, the original member can to go to the site and click for a new Password Reset. That she could do without being able to sign in (that being the time you _need_ a password reset).

And this time don't forward the email to anyone!

-- Shal

Join main@beta.groups.io to automatically receive all group messages.