Community Tech/Add an option to require email address and username to reset password
This page documents a project the Wikimedia Foundation's Community Tech team may work on in future. Development of this project has not yet been prioritized.
We invite you to join the discussion on the talk page.
Proposed in the 2019 Wishlist Survey.
Problem: Trolls and LTAs have been knocking Special:PasswordReset with the intention of trolling and (currently) this cannot be prevented. Then I get password reset I did not request. While I know I have secure password (and 2FA) on both my SUL accounts and my email, it's annoying so it'd better if I can just prevent them. It sometimes gives the impression to ordinary users that their account is being compromised, which is not a good UX.
- Wishlist proposal, discussion and votes
- Phabricator ticket(s): TBD