
Client-Side Password Resets

The current Password Alert server is extremely complicated to set up and heavily tied to Google Apps because it invokes password resets from the server.

Google is currently working on a hosted version of the Password Alert server, which I assume requires a rework of the permission model; almost all of the difficulty could be removed by simply having the client force reset its own password.

At the time of a phishing attack, we have a candidate username & password, so we should be able to login as the user for whom we have credentials, and then change their password to a randomly generated one, and then present a UI to the user with their new password.

The main advantage of this is that it would work for any site, Google or otherwise.

kuza55, 29.11.2015, 02:17
Idea status: under consideration
