Hacker News new | past | comments | ask | show | jobs | submit login

I don't see how sending a reset link is secure.

Wouldn't anyone intercepting the email be able to use the reset link themselves and gain access to the account?




Reset links can at least time out, passwords generally don't.

Providers should send you notifications when you reset your password, they generally don't when you just log-in like normal.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: