Twiz Posts: 1 Registered: 12/23/2018
Twizilla
# 1 - Posted on 12/23/2018 5:38:38

I just changed my password and was pretty blown away that it didn't even ask my for my old password or e-mail address to verify. While it wouldn't affect me should my account on this site be compromised I can imagine that some users here are guilty of re-using passwords.

I just think it would just save everyone here some potential future headaches. That's all.

moho_00 Curator Backer Posts: 6844 Registered: 6/10/2011
moho_00
# 2 - Posted on 12/23/2018 13:14:00

I was a little confused by this at first because I thought you were referring to the Forgot Password process, which does require you to enter your email address (and you receive a time-limited link to use).

But it sounds like you're referring to the Change Password option on the My Account page, which does not require your email address or old password. However, since you (or whoever) is already logged in by the time you see this screen, I'm not sure how much more secure it would be to require you to enter the old password when changing it. I have no problem with adding that extra check, but wasn't sure if that's what you were looking or if you're referring to actual 2FA during the login process.