Web browser: ---
            Bug ID: 59736
           Summary: password reminder should have a "cancel this" link
           Product: MediaWiki
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: Unprioritized
         Component: User login and signup
    Classification: Unclassified
   Mobile Platform: ---

When someone gets a password reset email from us these days, it does not
contain an "if you did not request this password reset, click here to cancel".
This sort of language is becoming pretty standard; Facebook says 

"Didn't request this change?
If you didn't request a new password, let us know immediately [LINK]."

Key to note: the "let us know immediately" doesn't actually have to *do*
anything; it still reassures people just by existing. (I'm bringing this up
because one of our outside counsels forwarded me an email and asked "what
should I do?"; having a link like this would have reassured him.)

Marking this minor because the lack of this does cause some consternation for
users, and isn't best practices, but isn't a security bug per se.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to