Open nadonomy opened 3 years ago
I hope I don't misunderstand the scope of this issue, but it should be possible to retain the session-ID to avoid re-verification of identities, if I understand the last point correctly. Users would not understand why they should verify their devices/encryption again only they changed the password. I'm refering here to point 4 to "prompt to log out other devices when rotating passwords".
Let's improve identification instead!
Summary Today, password reset in Element behaves unexpectedly: