Saturday, June 2, 2012

New password recovery mechanism

If you forget your password, you can now ask for a password reset email, which allows you to reset your password to a new one. The reset URL is only valid for two hours and can only be used once. With this change, the EDAS database now only includes hashed passwords, reducing the chance of accidental disclosure of passwords that you might be using elsewhere. We are also strengthening the password requirement, so that trivial passwords such as 1234 or dictionary words are no longer acceptable.
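One way to implement a reset token with the properties described above (two-hour validity, single use). This is an added example, not EDAS code: the `ResetTokenStore` class, its in-memory dictionary standing in for a database table, and the choice to store only a SHA-256 digest of the token are assumptions.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 2 * 60 * 60  # two-hour validity, as stated in the post


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a table of pending password resets."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested offline
        self._pending = {}       # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only this digest is stored, so a leaked table does not yield usable URLs.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Return a fresh token to embed in the emailed reset URL."""
        # A new request invalidates any earlier outstanding token for the user.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + RESET_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user_id if the token is valid, else None. Single use."""
        # pop() deletes the record on first presentation, so a replay finds nothing.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._clock() > expires_at:
            return None  # expired; the record is already removed
        return user_id


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("alice")            # constructed sample user id
    print("first use :", store.redeem(token))
    print("second use:", store.redeem(token))
```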
