whiteboards / converse

Personal social experiment
MIT License

Password and Email change strategies #23

Closed keawade closed 8 years ago

keawade commented 8 years ago

I think we need to make users confirm email and password changes via email. For example, a user wants to reset their password so they click a reset password button on our site. The server then emails the user with a one time use reset token.

I think we should do the same with changing email addresses since someone could just crack a password, change the email, then get the change password token at the new email.

NathanBland commented 8 years ago

I agree.

On Sat, Dec 12, 2015 at 11:33 PM, Keith Wade notifications@github.com wrote:

> I think we need to make users confirm email and password changes via email. For example, a user wants to reset their password so they click a reset password button on our site. The server then emails the user with a one time use reset token.
>
> I think we should do the same with changing email addresses since someone could just crack a password, change the email, then get the change password token at the new email.

NathanBland commented 8 years ago

So really, this should work for the forgot password link on our registration form and for the change email in our settings on profile; however, there are some problems.

One of the main reasons someone might change an email is if they lose access to that account, such as no longer being at a college, or job. In this case they would be locked out of their account, and since we don't have any other information on them, we would have no way to verify their identity if they contacted us for help.

I think we should experiment with other options here, such as just requiring two factor authentication for user settings. A simple text or a second email address as a backup would work great for this.

@keawade thoughts?
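A sketch of the two flows discussed in this thread: a one-time emailed token for password reset (sent only to the address on file), and an email change that must be confirmed from the address already on record, with the confirmation also delivered to a backup address so that a user who has lost the primary mailbox (the college or job case above) is not locked out. This is an added example written for this thread, not code from the converse project; the in-memory store, the 30-minute token lifetime, the `outbox` list standing in for sent mail, PBKDF2 for password storage, and every name in it are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Added example, not converse project code. Token rules: the raw token goes out
# by mail and only its SHA-256 is stored; each token is bound to one account and
# one action, expires, and is burned on first use.

TOKEN_TTL_SECONDS = 30 * 60  # assumption: 30-minute validity window


class AccountService:
    def __init__(self):
        self.users = {}    # user_id -> {"email", "backup_email", "pw_salt", "pw_hash"}
        self.tokens = {}   # sha256(raw token) -> token record
        self.outbox = []   # (recipient, action, raw_token): stands in for sent mail

    # --- password storage (PBKDF2 here; argon2/bcrypt would be the usual choice) ---
    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, email, password, backup_email=None):
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"email": email, "backup_email": backup_email,
                               "pw_salt": salt, "pw_hash": self._hash_password(password, salt)}

    def check_password(self, user_id, password):
        u = self.users[user_id]
        return hmac.compare_digest(u["pw_hash"], self._hash_password(password, u["pw_salt"]))

    # --- one-time tokens ---
    def _issue(self, user_id, action, recipients, payload=None, now=None):
        raw = secrets.token_urlsafe(32)
        digest = hashlib.sha256(raw.encode()).hexdigest()
        issued_at = time.time() if now is None else now
        self.tokens[digest] = {"user_id": user_id, "action": action, "payload": payload,
                               "expires": issued_at + TOKEN_TTL_SECONDS, "used": False}
        for to in recipients:
            if to:  # backup address may be unset
                self.outbox.append((to, action, raw))
        return raw

    def _redeem(self, raw, action, now=None):
        digest = hashlib.sha256(raw.encode()).hexdigest()
        rec = self.tokens.get(digest)
        if rec is None or rec["used"] or rec["action"] != action:
            return None  # unknown, already used, or issued for a different action
        if (time.time() if now is None else now) > rec["expires"]:
            return None
        rec["used"] = True  # burn before acting so a replay cannot win a race
        return rec

    # --- password reset: mail goes to the stored address, never a caller-supplied one ---
    def request_password_reset(self, email, now=None):
        for uid, u in self.users.items():
            if u["email"] == email:
                self._issue(uid, "reset_password", [u["email"]], now=now)
        # unknown address: stay silent, so the endpoint does not enumerate accounts

    def reset_password(self, raw, new_password, now=None):
        rec = self._redeem(raw, "reset_password", now)
        if rec is None:
            return False
        u = self.users[rec["user_id"]]
        u["pw_salt"] = secrets.token_bytes(16)
        u["pw_hash"] = self._hash_password(new_password, u["pw_salt"])
        for t in self.tokens.values():  # drop any other outstanding tokens for this account
            if t["user_id"] == rec["user_id"]:
                t["used"] = True
        return True

    # --- email change: confirmation goes to the CURRENT address and the backup address,
    #     never to the new one, so a cracked password alone cannot redirect reset mail ---
    def request_email_change(self, user_id, new_email, now=None):
        u = self.users[user_id]
        self._issue(user_id, "change_email", [u["email"], u["backup_email"]],
                    payload=new_email, now=now)

    def confirm_email_change(self, raw, now=None):
        rec = self._redeem(raw, "change_email", now)
        if rec is None:
            return False
        self.users[rec["user_id"]]["email"] = rec["payload"]
        return True
```

The attacker scenario from the first comment plays out as: with only the password, `request_email_change` succeeds, but the confirmation token lands in the victim's existing and backup mailboxes, so `confirm_email_change` never runs for the attacker and later reset mail still goes to the real owner. The backup address is what lets the legitimate user complete the same flow after losing the primary mailbox.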

keawade commented 8 years ago

I like the second address idea.

keawade commented 8 years ago

I'm going to close this issue and link it in the new issue I'm creating for this feature.