Web browser: ---
Bug ID: 59736
Summary: password reminder should have a "cancel this" link
Component: User login and signup
Mobile Platform: ---
When someone gets a password reset email from us these days, it does not
contain an "if you did not request this password reset, click here to cancel".
This sort of language is becoming pretty standard; Facebook says
"Didn't request this change?
If you didn't request a new password, let us know immediately [LINK]."
Key to note: the "let us know immediately" doesn't actually have to *do*
anything; it still reassures people just by existing. (I'm bringing this up
because one of our outside counsels forwarded me an email and asked "what
should I do?"; having a link like this would have reassured him.)
Marking this minor because the lack of this does cause some consternation for
users, and isn't best practices, but isn't a security bug per se.
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list