I'm using an account which isn't trustworthy enough for tokens to be sent to enable me to change my password. It should be possible for me to set a check box and sign on a line "I promise under penalty of buying a sysadmin lunch, that I will not lose my password." It should be possible to have some way for an admin to assign this bit to a group. probably of the following flavors: token_change_password_forbidden: users have no choice, password reset token will not be provided. token_change_password_discouraged: users can opt in for bugzilla password reset via token. token_change_password_optional: users can opt out of bugzilla password reset via token. token_change_password_enabled: users can not opt out of bugzilla password reset via token. It just occurred to me while reading a thread involving gerv that my account is actually less secure now than it was before the password reset token feature was added. And hence, I'm filing this bug. Basic implementation is just providing an opt out feature without group support. I think that it might later become more common that one would want to use token_change_password_forbidden or token_change_password_discouraged for people in Admin, EditUsers, and Sudo. I'm going to file one other bug about this feature because it occurs to me that there's another approach available.....
mkanat and I both think this RFE is a pretty uncommon request/situation and that it doesn't worth the implementation.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.