Ideas for Arc XP

CAPTCHA Support for Password Reset API

Currently the password reset API only requires a username and does not support CAPTCHAs. Without CAPTCHA support it's fairly easy for a malicious party to spam legitimate users with password reset emails. I propose CAPTCHA support for password reset just like there's one for magic links and registrations.

  • Stan Borbat
  • Jul 29 2024
  • Future consideration
  • Attach files
  • Admin
    Jessica Cavallo commented
    11 Sep 12:36am

    Thank you for submitting this idea. I agree it would be good to protect the password reset flows with reCAPTCHA and we will consider adding this.

  • Guest commented
    30 Jul 07:44am

    We are being spammed by bots requesting 300+ password resets on a brand new bot created accounts. 4 million+ password resets this year so far, and all are calling the Arc services directly which are not protected.