jimfog Posted April 9, 2013 Share Posted April 9, 2013 I suppose that if a user wants to change his password. it is always best practice to ask for old one, check with the db that indeed he has provided the old one and send a confirmation e-mail in order to finish the process. Is there something else to know about the change password procedure? Link to comment Share on other sites More sharing options...
Mudsaf Posted April 10, 2013 Share Posted April 10, 2013 I'd rather do it without old password. I would do it like how most "forgot password" methods worked. Also if user is logged in it would require no confirmation or security question confirmation. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now