Community Tech/Add an option to require email address and username to reset password
Proposed in the 2019 Wishlist Survey.
Problem: Trolls and LTAs have been knocking Special:PasswordReset with the intention of trolling and (currently) this cannot be prevented. Then I get password reset I did not request. While I know I have secure password (and 2FA) on both my SUL accounts and my email, it's annoying so it'd better if I can just prevent them. It sometimes gives the impression to ordinary users that their account is being compromised, which is not a good UX.
- Wishlist proposal, discussion and votes
- Phabricator ticket(s): TBD