Page 4 of 4

Re: Lost Password Recovery WITHOUT username

Posted: Tue Jan 05, 2010 12:27 pm
by angelox
thank you very muc,h benneh, for you hack :)

Re: Lost Password Recovery WITHOUT username

Posted: Thu Aug 05, 2010 9:31 am
by Emmel
ilumn8r wrote:In Joomla 1.5 they have addressed this problem, and actually added some additional functionality, it appears. The new "Lost Password" page reads:

Please enter the e-mail address for your account. A verification token will be sent to you.
Once you have received the token, you will be able to choose a new password for your account.

E-mail Address: [ ]

{Submit} (button)

Haven't tried this, to see what the "token" functionality is, but it sounds like a cool way to handle this.
Unfortunately you have to enter the token AND the username :(.

Of course, there's the possibility to send a username to an e-mail adress. But that's one step more without gain of security, so why not eleminate this step and send the username with the token-mail or remove the username field on the "enter-token-page"?

Does anyone know, if there's a way to configure or work around this?

Re: Lost Password Recovery WITHOUT username

Posted: Mon Aug 23, 2010 11:26 am
by Odda
I agree with Emmel, and think there must be an easier way to solve this. I've got quite a few responses from customers having problems with this, and I'm sure even more that haven't contacted me. This topic pops up also other places on the forum, but as far as I can tell with no proper solution or modul to solve it. Anyone...?