
Thread: New Password Reset on Neopets

  1. #1
    esperanto

    New Password Reset on Neopets

    Copied from JellyNeo.

    If you read New Features on Thursday, you would have noticed that Neopets is releasing a new password reset feature, and we're happy to announce that the feature is active! We thought we'd explain the new feature a bit and the security benefits that come with it.

    First off, we'd like to applaud Neopets on releasing this new way of resetting passwords. It's much, much more secure than the old system and has quite a few modern security features.

    New Flow:
    To start off, to reset your password, you can click the "Forgot password?" link on the login box on Neopets.com.
    You must provide your Neopets username to make sure it exists, and if it does, then you must enter a CAPTCHA to confirm you'd like a change.
    You then receive an email with a special, unique link to reset your password. You also have the option to click a second link that cancels the reset and voids the link.
    When you click on the link to reset, you are asked for your username.
    After confirming your username, you are then asked for a new password.
    A successful reset will get you a second email in your inbox letting you know a change was made.

    Security Benefits:
    The best improvement here is that your password is no longer sent via email! Email is not very secure at all, and can be easily intercepted on its way from Neopets.com to your inbox. Sending your raw password was honestly a pretty terrible system, and we're delighted Neopets has changed it.
    Another benefit of not being sent your old password is that a hacker will never know what it was in the first place, which can be helpful if you use the same password on multiple websites. (Which is a BIG NO-NO.)
    When requesting a new password, you're also asked for a CAPTCHA, which should reduce the number of bots sending password requests.
    When you click the link to reset your password, asking to confirm your username is a great extra step to prevent scammers from trying to guess random password reset URLs.
    You also have the option of canceling a request to prevent others from using your password reset URL.
    There are probably a few other things we're missing too.



  2. The Following User Says Thank You to esperanto For This Useful Post:

    DarkAngel (01-06-2013)
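
An added sketch of the server side of the flow described in the post above (not code from the post, JellyNeo or Neopets): a unique reset link, a second link that cancels it, and a username check before the new password is accepted. The names `ResetStore` and `TTL_SECONDS`, the one-hour lifetime, single-use redemption and storing only token hashes are assumptions; the post does not describe how the site implements any of this.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 3600  # assumed link lifetime; the post does not state one

def _digest(token: str) -> str:
    # Only hashes are stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class ResetStore:
    """Hypothetical in-memory store for pending password resets."""

    def __init__(self):
        self._pending = {}  # sha256(reset token) -> {"user", "expires"}
        self._cancel = {}   # sha256(cancel token) -> sha256(reset token)

    def request(self, username, now=None):
        """Return (reset_token, cancel_token) for the two e-mailed links."""
        now = time.time() if now is None else now
        reset, cancel = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._pending[_digest(reset)] = {"user": username, "expires": now + TTL_SECONDS}
        self._cancel[_digest(cancel)] = _digest(reset)
        return reset, cancel

    def cancel(self, cancel_token):
        """Second link: void the pending reset. True if one was voided."""
        key = self._cancel.pop(_digest(cancel_token), None)
        return key is not None and self._pending.pop(key, None) is not None

    def redeem(self, reset_token, username, now=None):
        """True only for a live, unused token presented with its own username."""
        now = time.time() if now is None else now
        key = _digest(reset_token)
        rec = self._pending.get(key)
        if rec is None or now > rec["expires"]:
            self._pending.pop(key, None)  # drop expired entries
            return False
        if not hmac.compare_digest(rec["user"].encode(), username.encode()):
            return False  # a guessed or stolen URL alone is not enough
        del self._pending[key]  # single use: the link dies on success
        return True
```

The caller sets the new password only when `redeem` returns True, then sends the confirmation e-mail; at no point is a password placed in a message.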
