Open hickford opened 7 years ago
Uhmmm, I'd have to agree with this.
There's a loophole where someone could claim to have forgotten a password for an account that's not theirs. This would mean the original password would stop working, disrupting that player's usability of the server.
Agreed
resolved.
This issue has been marked stale and will be closed soon without further activity. To keep the issue open, please respond to the comment to keep the discussion going.
The issue remains (contrary to https://github.com/online-go/online-go.com/issues/176#issuecomment-495963674).
Someone (hopefully you!) has requested a password reset for your online-go.com account. To proceed, simply login with the following credentials:
Username: Guybrush Threepwood
Password: 12345678
Wow this is still happening??? Yeah agreed this is certainly not ideal.
This issue has been marked stale and will be closed soon without further activity. To keep the issue open, please respond to the comment to keep the discussion going.
This issue has been automatically closed due to inactivity. Please feel free to re-open it if the issue persists.
I can still reproduce the issue, please reopen.
Right now 'forgot your password' at https://online-go.com/sign-in changes your password to a random number and emails it to you.
It would be better (more secure) to email a link instead: https://www.gov.uk/service-manual/design/passwords#helping-users-who-forget-their-password
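A sketch of the link-based flow proposed in this issue, added here as an example and not taken from online-go.com's code: requesting a reset leaves the stored password untouched, and the password changes only when the e-mailed single-use token is redeemed. The `Accounts` class, its method names, the in-memory storage and the one-hour `TOKEN_TTL` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime, not a value from the issue

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _token_digest(token):
    # Only the digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class Accounts:
    """In-memory stand-in for the user table (hypothetical, for illustration)."""

    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # sha256(token) -> (username, expiry timestamp)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def check_password(self, username, password):
        if username not in self.users:
            return False
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def request_reset(self, username, now=None):
        """Issue a token for the e-mailed link. The stored password is not touched."""
        now = time.time() if now is None else now
        if username not in self.users:
            return None  # the HTTP response should look the same either way
        token = secrets.token_urlsafe(32)
        self.pending[_token_digest(token)] = (username, now + TOKEN_TTL)
        return token

    def redeem(self, token, new_password, now=None):
        """Set a new password if the token is known, unexpired and unused."""
        now = time.time() if now is None else now
        entry = self.pending.pop(_token_digest(token), None)  # pop = single use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

With this shape, a reset requested by someone other than the account owner has no effect unless that person can also read the owner's mailbox: the existing password keeps working until the token is redeemed.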