Quoting Thomas Berezansky <[email protected]>:
All future resets would still be random.
Because resetting someone's password to something that is basically public information, their phone number, is asking for accounts to be hijacked.
-- Jason Stephenson Assistant Director for Technology Services Merrimack Valley Library Consortium Chief Bug Wrangler, Evergreen ILS
