|
|
|
|
|
|
by StavrosK
5467 days ago
|
|
|
I disagree. All they did (edit: to clarify, it seems to me that they only tried two alternatives) was try sending a password reset link and the unencrypted password itself. I don't think sending the user a new password would be that big a deal (we're assuming they receive the email, as both methods will fail if not), and you could show them the password reset page immediately after they logged in with the new password. Win/win. |
|
|
I believe this is the scenario most people here think is happening.