When requesting a password reset, the email content is out of date #13520
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Current email
Changes to make:
Remove the 2 sentences saying the token_auth changes when you reset password. Since a few versions ago, we have de-coupled password and token_auth and now changing password does not change token anymore.
Do not make the link clickable. It is too easy to fall into the trap of an attacker requesting a password reset, and one opening the email and clicking on the link by mistake / habit of trusting all emails from Matomo. Requesting a password reset is one of the most critical things and it's important to make sure people understand what they're doing (and can't be easily tricked).
Update the text from "visit the following link" to "please copy and paste the following link in your browser:"