Community Tech/Add an option to require email address and username to reset password

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search

Proposed in the 2019 Wishlist Survey.


Problem: Trolls and LTAs have been knocking Special:PasswordReset with the intention of trolling and (currently) this cannot be prevented. Then I get password reset I did not request. While I know I have secure password (and 2FA) on both my SUL accounts and my email, it's annoying so it'd better if I can just prevent them. It sometimes gives the impression to ordinary users that their account is being compromised, which is not a good UX.

Status updates[edit]


Important links[edit]