Last modified: 2014-10-08 19:35:11 UTC
It would be useful to allow users to invalidate temporary password sent by "account details" feature from a second link within the same email. It's a common feature for many CMSes which doesn't seem to have any drawback.
Why would it be useful?
Vituzzu: Why would it be useful? What's the usecase / intention?
Unfortunately closing this report as no further information has been provided. Vituzzu@it.wiki: Please feel free to reopen this report if you can provide the information asked for. Thanks!
Use case is to make the temp. password invalid in case the email might have been sniffed on. (This is still dangerous as the user has to react faster than the one sniffing the emails, but depending on how the surveillance works it might take some time till the email containing the data got processed)
Change 147496 had a related patch set uploaded by Hoo man: Add "cancel this" link to password reset emails https://gerrit.wikimedia.org/r/147496