Ideas for Arc XP

Auth & Security: Don't expire password-reset nonces when multiple requests occur in a short period of time.

We have a lot of impatient users who request multiple password resets within a few minutes. Inevitably they click on the first email that arrives which contains a reset nonce that expired because a new one was requested.

This issue is difficult to diagnose and explain to our users. It would be far easier if nonce-expiration were not sequence-based

  • Ian Bonner
  • Oct 18 2021
  • Future consideration
  • Attach files
  • Admin
    Jessica Cavallo commented
    2 Nov, 2021 03:10pm

    Thank you Ian for the feedback and suggestion! We'll look into this as a future feature change.

  • Ian Bonner commented
    28 Oct, 2021 03:42pm

    Blueconic handles this nicely