myrunes / backend

REST API backend and database bindings for myrunes.com - crafted with Go
https://myrunes.com

Replace page confirmation on password forget #20

Closed zekroTJA closed 3 years ago

zekroTJA commented 4 years ago

Currently, when resetting a password and confirming the reset via the POST /users/me/passwordreset/confirm endpoint, you need to pass at least 3 page names that match the names of the user's existing pages to at least 80%. This system has some issues:

  1. Users with fewer than 3 pages will never be able to confirm via this method.
  2. Most users actually name the pages by the assigned champions, which makes the confirmation nearly obsolete.
  3. It might not be convenient to remember the page names if you don't know beforehand that you need to remember them for a password reset.

So, this method should be replaced with something like a security question, for example.
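
Issues 1 and 2 from the comment above, as an added Go example that is not the project's own code: a check that requires 3 page names matched to at least 80%. The similarity metric (case-insensitive Levenshtein ratio), the function names `similarity` and `confirmReset`, and the page names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// similarity = 1 - editDistance/longerLength, ignoring case (assumed metric;
// the issue only states the 80% threshold).
func similarity(a, b string) float64 {
	a, b = strings.ToLower(a), strings.ToLower(b)
	row := make([]int, len(b)+1)
	for j := range row {
		row[j] = j
	}
	for i := 1; i <= len(a); i++ {
		diag := row[0]
		row[0] = i
		for j := 1; j <= len(b); j++ {
			d := diag // match, or substitution after the increment below
			if a[i-1] != b[j-1] {
				d++
			}
			diag = row[j]
			row[j] = min(d, row[j]+1, row[j-1]+1)
		}
	}
	return 1 - float64(row[len(b)])/float64(max(len(a), len(b), 1))
}

// confirmReset: do the guesses match >= 3 distinct stored pages to >= 80%?
func confirmReset(stored, guesses []string) bool {
	matched := map[int]bool{}
	for _, g := range guesses {
		for i, p := range stored {
			if !matched[i] && similarity(g, p) >= 0.8 {
				matched[i] = true
				break
			}
		}
	}
	return len(matched) >= 3
}

func main() {
	// Constructed data: a two-page account, then pages named after champions.
	fmt.Println(confirmReset([]string{"Ahri", "Jinx"}, []string{"Ahri", "Jinx", "Ahri"}))
	fmt.Println(confirmReset([]string{"Ahri", "Jinx", "Thresh"}, []string{"ahri", "jinx", "thresh"}))
}
```

The first call can never succeed because only two distinct pages exist to match; the second succeeds on names anyone could read off the champion list, so the check adds no secret knowledge.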