Password Management
bheiskell opened this issue · comments
Ben Heiskell commented
Need to address three issues:
- Password changes - Current implementation doesn't require the old password
- Password resets - There is no user based "I forgot my password"
- Password resets by an admin
We also may want an account lock out / throttle. After ten bad passwords, have a thirty second delay between the latest request. Clear this field when a user successfully logs in.