Dear dev-fxacct collective, Re: https://github.com/mozilla/fxa-auth-server/issues/698
Random use case: Something like HeartBleed 2.0 comes out in the wild. We patch our certs and make sure everything is clean, but we want to proactively make users change their passwords (versus passively sending an email to everybody and ASK them to change them). Not sure if we can force the user's account into a state where they need to reset their password after their next successful login, or if we halt syncing and everything else and throw up a doorhanger saying "Please reset your password to continue synching". Discuss. Need it? Don't need it? Z-never milestone? -peter _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
