Copied from JellyNeo.
If you read New Features on Thursday, you would have noticed that Neopets is releasing a new password reset feature, and we're happy to announce that the feature is active! We thought we'd explain the new feature a bit and the security benefits that comes with it.
First off, we'd like to applaud Neopets on releasing this new way of resetting passwords. It's much, much more secure than the old system and has quite a few modern security features.
To start off, to reset your password, you can click the "Forgot password?" link on the login box on Neopets.com.
You must provide your Neopets username to make sure it exists, and if it does, then you must enter a CAPTCHA to confirm you'd like a change.
You then receive an email with a special, unique link to reset your password. You also have the option to click a second link that cancels the reset and voids the link.
When you click on the link to reset, you are asked for your username.
After confirming your username, you are then asked for a new password.
A successful reset will get you a second email in your inbox letting you know a change was made.
The best improvement here is that your password is no longer sent via email! Email is not very secure at all, and can be easily intercepted on its way from Neopets.com to your inbox. Sending your raw password was honestly a pretty terrible system, and we're delighted Neopets has changed it.
Another benefit of not being sent your old password is that a hacker will never know what it was in the first place, which can be helpful if you use the same password on multiple websites. (Which is a BIG NO-NO.)
When requesting a new password, you're also asked for a CAPTCHA, which should reduce the number of bots sending password requests.
When you click the link to reset your password, asking to confirm your username is a great extra step to prevent scammers from trying to guess random password reset URLs.
You also have the option of canceling a request to prevent others from using your password reset URL.
There are probably a few other things we're missing too.
Is this actually active?
Last night I forgot the pw to one of my accounts, so I entered in email and they still sent me back my old pw with my username.
This is a very, very sad day for a lot of users on here and past programs
I saw some changes had been implemented earlier today when checking a couple accounts.
yah im guessing that will be patched soon as they relize its still there lol.. mayb they will patch petpet as well i guess
Yup, it will. I'm fairly sure they're implementing this for the sole reason of doing away with most of inactive account farming abilities, and that means full usage of the new system.
ah well ill just go back to my multi flps.. worked wonders b4 and now ill have more of a market for my shells