Shouldn't the "Forgotten Password" thing be setup in two steps? Like:
1) Users enter their email asking for new password.
2) A confirmation mail is sent asking whether they asked to reset password.
3) New password is sent if they have clicked the confirmation mail.
Right now anyone can reset your password if they know your email ID. (Not that email ID is known to all, just that it can happen).
I hope this will be done in future versions.
Who is online
Users browsing this forum: No registered users and 5 guests
