Before I go and change things, I'd like to bounce this off some people.
Most sites work just like Zen does. You want to change your password, so you log into your account (obviously requiring your password) and you click on Change Password and now you're required to enter your current password... again.
First off, I hate unnecessary repetition. But more to the point, I want to help customers who have their accounts auto-created during a PayPal Express checkout. If they click "My Account" and go to change their password... what is their "current password"? They have no idea since they were never given one.
So I'm proposing that I'll simply remove the current password check. But am I opening up a security risk? I don't think so, but perhaps I'm missing something.
I want to preface by saying: ignore the whole "perhaps they walked away from their computer and someone could hijack their account" scenario. Other than that scenario, what is the harm of allowing a more direct password change?
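Added example, not code from the original post or from Zen Cart itself: a minimal password-change handler in Python showing the two designs side by side. `change_password_unsafe` accepts a new password on the strength of the logged-in session alone, which is what the proposal above amounts to. `change_password` keeps the re-authentication step and handles the PayPal Express case separately: an account that was auto-created with no password is marked as such (`password_hash` is None) and must present a short-lived, single-use token that would be emailed to the customer instead of a "current password" they never had. The in-memory `ACCOUNTS` store, the function names and the 15-minute token lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory account store (assumption for this example; a real shop
# keeps this in its database). "password_hash" is None for accounts that were
# auto-created during a PayPal Express checkout and never had a password set.
ACCOUNTS = {}

TOKEN_LIFETIME_SECONDS = 15 * 60  # assumed lifetime for the set-password token


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(email, password=None):
    """Register an account. password=None models the PayPal Express case."""
    salt = os.urandom(16)
    ACCOUNTS[email] = {
        "salt": salt,
        "password_hash": _hash_password(password, salt) if password else None,
        "reset_token": None,  # (sha256(token), expiry) while a token is outstanding
    }


def verify_password(email, password):
    acct = ACCOUNTS[email]
    if acct["password_hash"] is None:
        return False  # no password exists, so nothing can match
    return hmac.compare_digest(acct["password_hash"],
                               _hash_password(password, acct["salt"]))


def issue_set_password_token(email, now=None):
    """For accounts with no password yet: mint a single-use token. A real site
    would only email it to the address the customer gave PayPal; it is returned
    here so the example can be exercised offline."""
    acct = ACCOUNTS[email]
    if acct["password_hash"] is not None:
        raise ValueError("account already has a password; use change_password")
    token = secrets.token_urlsafe(32)
    expiry = (now or time.time()) + TOKEN_LIFETIME_SECONDS
    acct["reset_token"] = (hashlib.sha256(token.encode()).digest(), expiry)
    return token


def change_password_unsafe(session_email, new_password):
    """The proposal: a logged-in session is all that is required. Whoever holds
    the session (a stolen cookie, a shared browser, a script injected into the
    page) can set a new password and lock the real owner out."""
    acct = ACCOUNTS[session_email]
    acct["password_hash"] = _hash_password(new_password, acct["salt"])
    return True


def change_password(session_email, new_password, current_password=None,
                    token=None, now=None):
    """Re-authenticate before accepting a new password. Accounts that have a
    password must present it; accounts that never had one must present the
    emailed single-use token. Returns True on success, False otherwise."""
    acct = ACCOUNTS[session_email]
    if acct["password_hash"] is not None:
        # Normal account: the current password is the proof of ownership.
        if current_password is None or not verify_password(session_email, current_password):
            return False
    else:
        # Auto-created account: the proof of ownership is control of the mailbox.
        if token is None or acct["reset_token"] is None:
            return False
        digest, expiry = acct["reset_token"]
        if (now or time.time()) > expiry:
            return False
        if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest()):
            return False
        acct["reset_token"] = None  # single use
    acct["password_hash"] = _hash_password(new_password, acct["salt"])
    return True
```

The point of the split is that removing the current-password prompt for everyone trades away the one check that ties a password change to the person who knows the old password, while the customers the proposal is trying to help can be served without that trade: they are the only accounts with no password on record, so they can be routed to the token path instead.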