Opened 8 years ago

Closed 8 years ago

Last modified 18 months ago

#5294 closed defect (invalid)

"Forgot password" should require EITHER email or username, not both

Reported by: teo8976 Owned by:
Priority: normal Component: trac
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description (last modified by Timothy Gu)

At https://trac.ffmpeg.org/reset_password

you are required to enter your username AND email.
That's retarded.

If you forget your username, you are fucked. If you remember your username but are not sure which email you used, you are fucked.

Decent sites either let you enter whichever you want, or they only require the email (the former option is obviously better).

Change History (4)

comment:1 by Timothy Gu, 8 years ago

Description: modified (diff)
Resolution: wontfix
Status: newclosed

You can file a ticket against Trac's AccountManagerPlugin, which we use for account management. There are multiple reasons for this redirection:

  1. if this change is truly universal to all "decent sites," it should be fixed at the root, instead of us rolling an ad hoc change.
  2. we don't know Python.

comment:2 by Timothy Gu, 8 years ago

Resolution: wontfixinvalid

comment:3 by jason, 18 months ago

Fwiw: https://trac-hacks.org/ticket/10762 and newer related duplicates.

comment:4 by Balling, 18 months ago

If you forget your username, you are fucked

Balling is my username, how am I fucked? I can just look into this post. Or email from trac. There you can see your email. The probelm is many use the email that they later use to sign-off-by on commits, that emails and public username kinda makes it still simple to create a DOS attack.

It is rather common on some services to require user name instead of email. Wikipedia. Or windscribe.

Last edited 18 months ago by Balling (previous) (diff)
Note: See TracTickets for help on using tickets.