Displaying part of the password recovery email #8754
-
|
I'm sorry if I'm being redundant. I searched all the documentation and did not find this functionality. Would it be possible to display part of the user's email when attempting password reset? Thank you so much for your attention and time. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
@andreisilvasantos that's not possible at the moment. What would be the use case/scenario for that? |
Beta Was this translation helpful? Give feedback.
-
|
We have a 6-month password expiration policy. So our users need to reset their password with a certain frequency. But not all of them remember which email is registered for recovery. It would be interesting to present an obfuscated email (3 initial characters and @Provider) to indicate in which email it will receive the password reset token. Obrigado pela atenção e tempo @abstractj. |
Beta Was this translation helpful? Give feedback.
-
|
@andreisilvasantos I understand, considering that disclosing part of customer's e-mail may open a new attack vector allowing people to guess some e-mails. We don't have any plans to support this as far as I know, but if you would like to come up with a design proposal, you are more than welcome. |
Beta Was this translation helpful? Give feedback.
@andreisilvasantos I understand, considering that disclosing part of customer's e-mail may open a new attack vector allowing people to guess some e-mails. We don't have any plans to support this as far as I know, but if you would like to come up with a design proposal, you are more than welcome.