|
|
|
|
|
|
by maxander
3671 days ago
|
|
|
I wonder if anyone implements the restriction that a password reset can only be ordered after a certain time (a week, say) since the last successful password entry, for long-established accounts. Most real password resets are likely either in long-dormant or recently-created accounts, and this would add just another layer of partial protection against these kinds of attacks. |
|
|