Gossamer Forum

Shouldn't This Be So?

Hi Alex/ Adrian,

This is with regard to password recovery through Q&A mode. Accounts which have not been activated should simply get an error message instead of displaying the password. Why I say so is:

A user signs up for the account and account lies inactive.

His jealous friend (in front of whom he may have signed up for the account ... obviously not displaying the password) would now try to get his password (which can also be the password to the alternate email account). Since the password is displayed even for a non-active account, this jealous friend just takes this password and logs in to the alternate email account and starts playing dirty.

Correct me if I sound crazy.

Thanks

Anup