Closed Bug 592161 Opened 15 years ago Closed 15 years ago

better/more actionable message for users that had a third party reset their password

Categories

(Cloud Services Graveyard :: Server: Sync, defect)

Product:
Cloud Services Graveyard
Component:
Server: Sync
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 570408

People

(Reporter: chofmann, Assigned: telliott)

Details

this message seen on labs feedback channel > I received an email from Mozilla telling my that I had asked for > resetting Weave password. The email also said if I did not ask, I > should not worry. Well, I did not ask but I am worried! Is my password > for sure safe and there is no way to reset but by clicking on the link > in that email? Can that person who requested resetting my password > find some other way to reset it? sounds like the e-mail received by this user could be a phishing attack. should we be tracking and trying to trace phishing attacks? If it's not we should check the message that we send. Are we really telling users "not to worry" if a password reset was attempted on their account by a third party? Maybe we could beef up the message to provide the confidence this person is looking for. "Its possible a third party has attempted to compromise your account. There is no way to reset the password except by but by clicking on the link in this email" maybe it would also be a good opportunity to link to a page that provides instruction about good password management.
also, do we have timeouts on the password reset requests?
We do have a timeout. I think it's 12 hours. This is effectively a dupe of bug 570408
Assignee: nobody → telliott
Component: Identity → Server
QA Contact: identity → server
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.