Hacker News new | ask | show | jobs
by evjim 2996 days ago
But then if the password is reset, the original scammer has no access to the account! And the scammer cannot reset the password because they do not have access to the email.
2 comments
scott00 2996 days ago
Netflix offers SMS password resets.
link
anchpop 2996 days ago
This is true if changing the password s you to re-enter the password on every device (even those that were logged in at the time)
link
shkkmo 2996 days ago
Changing a password should always invalidate all existing sessions. If you aren't doing that, then you are doing it wrong.

Edit: Or at least invalidate all sessions initiated using the old password if you have that tracked.

link
will4274 2995 days ago
> Changing a password should always invalidate all existing sessions

Doesn't with Google. They display a prompt and let you select which sessions to expire.

link