Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
798 views
in Q2A Core by
Hi There,

When password reset email is being sent, a code is sent to the user mail box. This code changes if the user asks Q2A to send reset email again.

I know this change has security reasons, but I recommend to lower the security standards over here as the risk is acceptable. Users usually get confused in this process and can't complete the process. Loosing users in this way pose a higher risk to Q2A websites.

Is there anyway that users can get same codes over time?

Thanks
Q2A version: 1.7.4

1 Answer

+3 votes
by
This is security issue and I feel we should not compromise it.

If user code is same and what if someone get user code, account will be hacked.
by
ProThoughts can you tell which algo has been used to create reset code.
by
can anyone know the next code if he knows the previous one?
...