online-go / online-go.com

Source code for the Online-Go.com web interface
https://online-go.com/
GNU Affero General Public License v3.0

'Forgot your password' should email link rather than (newly generated) password #176

Open hickford opened 7 years ago

hickford commented 7 years ago

Right now 'forgot your password' at https://online-go.com/sign-in changes your password to a random number and emails it to you

Someone (hopefully you!) has requested a password reset for your online-go.com account. To proceed, simply login with the following credentials:

Username: Guybrush Threepwood
Password: 123456

It would be better (more secure) to email a link instead https://www.gov.uk/service-manual/design/passwords#helping-users-who-forget-their-password

You should never send passwords by email because it’s not a secure channel.

Instead, send users a time-limited password-reset link or code to the email address or phone number that they registered with.
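
A worked version of the two flows compared above, added here as an example that is not online-go.com's code: the current behaviour (overwrite the password at once and email it) beside a token-based flow that emails a single-use, time-limited link and leaves the existing password working until the link is actually used. The reset URL, the class and function names and the in-memory user and token stores are assumptions for illustration; a real deployment would hash passwords with argon2 or bcrypt and keep the token digests in a database.

```python
"""Two 'forgot your password' flows side by side (added example, not project code)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60                          # reset links die after 15 minutes
RESET_URL = "https://example.invalid/reset?token="   # hypothetical endpoint (assumption)


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2, standing in for argon2/bcrypt. Returns salt || derived key."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password: str, stored: bytes) -> bool:
    salt, derived = stored[:16], stored[16:]
    return hmac.compare_digest(hash_password(password, salt)[16:], derived)


@dataclass
class User:
    username: str
    password_hash: bytes


@dataclass
class ResetRecord:
    username: str
    expires_at: float
    used: bool = False


def reset_by_emailing_new_password(users: Dict[str, User], username: str) -> str:
    """The flow the issue describes: the password is replaced the moment anyone
    submits the username, so the legitimate owner is locked out, and the new
    secret then travels in the clear over email."""
    new_password = secrets.token_urlsafe(9)
    users[username].password_hash = hash_password(new_password)
    return new_password  # this string is what gets emailed


class ResetLinkService:
    """Token flow: email a single-use, time-limited link; the old password keeps
    working until the user follows the link and chooses a new one."""

    def __init__(self, users: Dict[str, User], now: Callable[[], float] = time.time):
        self.users = users
        self.now = now
        self._records: Dict[bytes, ResetRecord] = {}   # keyed by SHA-256(token)

    @staticmethod
    def _digest(token: str) -> bytes:
        # Store only a digest: a leaked table cannot be turned into working links.
        return hashlib.sha256(token.encode()).digest()

    def request_reset(self, username: str) -> Optional[str]:
        if username not in self.users:
            return None          # caller shows the same "check your email" page either way
        token = secrets.token_urlsafe(32)   # 256 bits of randomness; infeasible to guess
        self._records[self._digest(token)] = ResetRecord(
            username, self.now() + TOKEN_TTL_SECONDS)
        return RESET_URL + token            # only the email ever carries the token itself

    def complete_reset(self, token: str, new_password: str) -> bool:
        record = self._records.get(self._digest(token))
        if record is None or record.used or self.now() > record.expires_at:
            return False
        # Burn this link and every other outstanding link for the same account.
        for other in self._records.values():
            if other.username == record.username:
                other.used = True
        self.users[record.username].password_hash = hash_password(new_password)
        return True


def demo() -> Dict[str, bool]:
    """Exercise both flows against a constructed user and report what happened."""
    users = {"guybrush": User("guybrush", hash_password("correct horse"))}
    reset_by_emailing_new_password(users, "guybrush")
    locked_out = not verify_password("correct horse", users["guybrush"].password_hash)

    users = {"guybrush": User("guybrush", hash_password("correct horse"))}
    clock = [1_000_000.0]                        # controllable clock for the expiry check
    svc = ResetLinkService(users, now=lambda: clock[0])
    link = svc.request_reset("guybrush")
    still_valid = verify_password("correct horse", users["guybrush"].password_hash)
    token = link[len(RESET_URL):]
    reset_ok = svc.complete_reset(token, "new passphrase")
    new_works = verify_password("new passphrase", users["guybrush"].password_hash)
    replay_rejected = not svc.complete_reset(token, "attacker choice")
    unknown_hidden = svc.request_reset("nobody") is None
    link2 = svc.request_reset("guybrush")
    clock[0] += TOKEN_TTL_SECONDS + 1
    expired_rejected = not svc.complete_reset(link2[len(RESET_URL):], "too late")
    return dict(locked_out=locked_out, still_valid=still_valid, reset_ok=reset_ok,
                new_works=new_works, replay_rejected=replay_rejected,
                unknown_hidden=unknown_hidden, expired_rejected=expired_rejected)


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is the `locked_out` versus `still_valid` pair: in the first flow a request alone changes the account's password, which is exactly the disruption a stranger can cause by typing someone else's username; in the second flow nothing changes until the link from the owner's inbox is used, and a used or expired link is refused.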

juanchodepisa commented 7 years ago

Uhmmm, I'd have to agree with this.

There's a loophole where someone could claim to have forgotten a password for an account that's not theirs. This would mean the original password would stop working, disrupting that player's usability of the server.

anoek commented 7 years ago

Agreed

BHydden commented 5 years ago

resolved.

anoek commented 2 years ago

This issue has been marked stale and will be closed soon without further activity. To keep the issue open, please respond to the comment to keep the discussion going.

hickford commented 2 years ago

The issue remains (contrary to https://github.com/online-go/online-go.com/issues/176#issuecomment-495963674)

Someone (hopefully you!) has requested a password reset for your online-go.com account. To proceed, simply login with the following credentials:

Username: Guybrush Threepwood
Password: 12345678

BHydden commented 2 years ago

Wow this is still happening??? Yeah agreed this is certainly not ideal.

github-actions[bot] commented 7 months ago

This issue has been marked stale and will be closed soon without further activity. To keep the issue open, please respond to the comment to keep the discussion going.

github-actions[bot] commented 6 months ago

This issue has been automatically closed due to inactivity. Please feel free to re-open it if the issue persists.

hickford commented 6 months ago

I can still reproduce the issue, please reopen.