Ideas for Arc XP

CAPTCHA Support for Password Reset API

Currently the password reset API only requires a username and does not support CAPTCHAs. Without CAPTCHA support it's fairly easy for a malicious party to spam legitimate users with password reset emails. I propose CAPTCHA support for password reset just like there's one for magic links and registrations.

  • Stan Borbat
  • Jul 29 2024
  • Future consideration
  • Attach files
  • Guest commented
    10 Oct, 2024 09:17am

    Hi (Ali),

    We hereby sincerely invite you and your company to visit our booth during electronica 2024.

    C5.248

    Trade Fair Center Messe Munchen

    (10:00 - 11:00, November 13th, 2024)

  • Admin
    Jessica Cavallo commented
    11 Sep, 2024 12:36am

    Thank you for submitting this idea. I agree it would be good to protect the password reset flows with reCAPTCHA and we will consider adding this.

  • Guest commented
    30 Jul, 2024 07:44am

    We are being spammed by bots requesting 300+ password resets on a brand new bot created accounts. 4 million+ password resets this year so far, and all are calling the Arc services directly which are not protected.