Hi team,
I hope you are doing great.
Recently, we have registered an important increase of number of reset password requests during last days and we think we have been under some kind of attack.
In order to minimaze the risk of potencial and future attacks on this part of our subscription flow, we have been thinking about adding the recaptcha into the reset password request, theorically, we could refuse most of theses massive requests.
The endpoint to include the recaptcha would be the following: /identity/public/v1/password/reset
We think to include this point would be really useful.
Thanks in advance.
Ángel Las Heras Torrego
