Email notification upon password change #673
Comments
|
I'll work on this! |
vibros68
pushed a commit
to vibros68/politeia
that referenced
this issue
Aug 17, 2021
* allow node function to check if link is valid when typing * url validator * added url validator for malformed links * removed broken methods * fix validation error on regular inputs * added proposal link validator on sumbit proposal * fixed errors * fixed error when typing valid urls * removed console.logs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
An email notification should be sent when the password on an account is changed.
One example for why this is important - presently somebody may leave their account logged in on an unattended machine with their password saved in their browser auto-complete. A malicious actor could change the password on the account without the account holder being aware that their account has been compromised.
Sending a notification upon password change is a standard security practice implemented by many websites - it does not prevent this scenario, but it does at least inform the account holder that their account is compromised.
(This is a suggestion from a report submitted to https://bounty.decred.org)
The text was updated successfully, but these errors were encountered: