2,004
edits
Changes
no edit summary
This feature was implemented to enhance the general login security and align our protocols with accepted industry practices.
Prior to this update, when a password change was requested, the password was immediately reset and sent via email. With this update the user will receive a password reset email with a required action (i.e. clicking on a link) once the action is completed the user will be prompted to change their password. In addition to this a generic message will inform the user that the request has been sent.
Also updated is the message displayed when incorrect credentials are entered when trying to log into a locked account. Users entering in incorrect username and or password combination will receive a standard “Invalid Login” message.
[[Category:Why]] [[Category:Global Settings]]