Closed jace closed 5 years ago
The password reset form is an abuse vector, so it should include Recaptcha.
The add email and phone forms also send communications to unverified destinations and therefore need Recaptcha protection.
The password reset form is an abuse vector, so it should include Recaptcha.