Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-13446

Notification/Confirmation of email/password changes

XMLWordPrintable

      We should notify users about email/password changes on their current email address.
      This helps to prevent accounts being stolen by others.

      For passwords an email like the one from github could be used:

      Hello xyz,

      We wanted to let you know that your GitHub password was changed.

      If you did not perform this action, you can recover access by entering security@phpbb.com into the form at https://github.com/password_reset.

      To see this and other security events for your account, visit https://github.com/settings/security.

      If you run into problems, please contact support by visiting https://github.com/contact or replying to this email.

      (the named reset password action would need to be added thou).

      For emails I would even require a validation of the new address (send activation link or something similar, currently you can lock yourself out of your account), before changing it and also notify the old email when the action has been performed.

            Unassigned Unassigned
            nickvergessen Joas Schilling
            Votes:
            6 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: