Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 09:38 pm EDT

Lost password

  • Tuesday, April 23 2002 @ 10:48 pm EDT
  • Contributed by:
  • Views: 5,760
Security I noticed that when we lose a password, geeklog will send us a new \'system-generated\'password. I have one concern, with the ease of requesting for new password.

GL does not verify if you are truly the user requesting for new password. As such, a prankster can look for a list of users ie. Admin etc and request for a new password for the person. It would be a pain if the this becomes a day to day affair.

Are there any plugins patches that we can add to help identify the user ie mom\'s maiden name or something along those lines?

Thank you.