The password reset system
Adelino GOMES
The password reset system allows anyone to reset someone else's password simply by entering their email address in their forgotten password.... It is essential that the password reset process requires verification of user identity.
I propose the following changes to improve this process:
The user should receive a confirmation email after making a password reset request.
This email should contain a secure link allowing the user to initiate the password reset themselves.
This will ensure that only authorized people can make password changes.
I therefore ask you to take this issue into consideration and consider quickly correcting this malfunction.
Additionally, it would be a good idea to allow a password recovery link to be sent to a user directly from the back office > Community.
I thank you in advance for taking this request into account.
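The flow proposed in the post above, as an added example that is not part of the original post and is not GoodBarber's code: the request only mails a link, and the password changes only when a valid, unexpired, single-use token comes back. `ResetService`, `TOKEN_TTL`, the 15-minute lifetime and the `app.example` URL are hypothetical names and values chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime in seconds


class ResetService:
    def __init__(self, users, clock=time.time):
        self.users = users    # email -> password (constructed sample store)
        self.pending = {}     # sha256(token) -> (email, expiry)
        self.outbox = []      # (email, link) pairs standing in for the mail sender
        self.clock = clock

    def request_reset(self, email):
        # Entering an address never changes a password; it only mails a link.
        if email in self.users:
            token = secrets.token_urlsafe(32)  # unguessable random value from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            # A new request invalidates any older link for the same account.
            self.pending = {d: v for d, v in self.pending.items() if v[0] != email}
            # Only the hash is stored, so a leaked table does not yield usable links.
            self.pending[digest] = (email, self.clock() + TOKEN_TTL)
            self.outbox.append((email, f"https://app.example/reset?token={token}"))
        # Same answer for known and unknown addresses (no account enumeration).
        return "If the address is registered, a reset link has been sent."

    def confirm_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None:
            return False
        email, expiry = entry
        if self.clock() > expiry:
            return False
        # Sample store only; a real system keeps a salted password hash here.
        self.users[email] = new_password
        return True
```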
Daria
Making robust authentication is crucial.
As of now, the GoodBarber authentication module looks like it was made by a scholar. Not only overall password resets, but the overall process. Emails are non-customizable, sent from the GoodBarber mail domain.
Almost 0 implementation of modern ways to authenticate, change passwords, etc.
Adelino GOMES
I also take this opportunity to propose the possibility of setting up a robust password management policy:
For example, implementing a rule stating that passwords must consist of a minimum of 12 characters, including uppercase letters, lowercase letters, numbers, and special characters. Several of our applications contain confidential and sensitive information, and our clients would like to be able to enforce strong passwords for community members.
Currently, there are no minimum requirements in place: a member can easily change their password to something as simple as "1234".
Scott
Agreed. And while we’re on the subject of security, setting up 2FA for admin login should also be a feature.
Markus Granseth
Important!
BBC Pastor
I fully agree! This would be extremely helpful.