Ideas for Arc XP

CAPTCHA Support for Password Reset API

Currently the password reset API only requires a username and does not support CAPTCHAs. Without CAPTCHA support it's fairly easy for a malicious party to spam legitimate users with password reset emails. I propose CAPTCHA support for password reset just like there's one for magic links and registrations.

  • Stan Borbat
  • Jul 29 2024
  • Shipped
  • Attach files
  • Admin
    Jessica Cavallo commented
    September 11, 2024 00:36

    Thank you for submitting this idea. I agree it would be good to protect the password reset flows with reCAPTCHA and we will consider adding this.

  • Guest commented
    July 30, 2024 07:44

    We are being spammed by bots requesting 300+ password resets on a brand new bot created accounts. 4 million+ password resets this year so far, and all are calling the Arc services directly which are not protected.