Users have no way to recover their password if they forgot it.
I'm keeping this separate from the "change password" issue because this one is a little more involved. It might require (programatically) emailing the user a way to reset their password? Or a new default password? That second one seems easier to implement, but has a pretty bad smell. Not sure what the correct way to do this is.
Users have no way to recover their password if they forgot it.
I'm keeping this separate from the "change password" issue because this one is a little more involved. It might require (programatically) emailing the user a way to reset their password? Or a new default password? That second one seems easier to implement, but has a pretty bad smell. Not sure what the correct way to do this is.