about account safety

  

hello ,

 i just found that it is really easy to change the password of my account. i can hardly say it's reasonable.

it will be more acceptable to me if there is an ''email-confirmation'' before change the password at any time. 

thank you.


Hi Sun,

Why do you think it's "[too] easy" and "hardly reasonable"? To change your password, you need to first specify your current password. So the only one to be able to change your password is someone that already has your current password (which, hopefully, is only you). This is pretty standard behaviour as far as websites with a login go. Only when you lost your password and request a new one e-mail comes typically into play.

I am not sure how this is different or less secure than any other password change system I have ever used? Email confirmation for a "I forgot my password" is normal and fine, but not for a simple "I know my password, I want to change it". I recently changed my password at dozens of sites and never had to follow that process either.

J.Ja

Kilian Hekhuis wrote:

Hi Sun,

Why do you think it's "[too] easy" and "hardly reasonable"? To change your password, you need to first specify your current password. So the only one to be able to change your password is someone that already has your current password (which, hopefully, is only you). This is pretty standard behaviour as far as websites with a login go. Only when you lost your password and request a new one e-mail comes typically into play.

thanks for your reply but i still have my own worries. for some cannot-tell-you reasons i have to share my account with my team, so they got my password, however i can not make sure that everyone is unable to change my password. this is it.

i know that most webs do not have the ''email-confirmation'' step for changing password , this is what i am suggesting, because the account is important to me.

thank you 


Justin James wrote:

I am not sure how this is different or less secure than any other password change system I have ever used? Email confirmation for a "I forgot my password" is normal and fine, but not for a simple "I know my password, I want to change it". I recently changed my password at dozens of sites and never had to follow that process either.

J.Ja

thanks for your reply but i still have my own worries. for some cannot-tell-you reasons i have to share my account with my team, so they got my password, however i can not make sure that everyone is unable to change my password. this is it.

i know that most webs do not have the ''email-confirmation'' step for changing password , this is what i am suggesting, because the account is important to me.

thank you 


I am going to try to put this really nicely... but asking OutSystems to completely change the way they handle password resets because you shared your password (or may have shared your password) doesn't make sense to me. Accounts on this site are easy to make, and free. There is NO REASON to share your password. Unless you are doing something like sharing access to a Personal Environment. Which you shouldn't be doing either.

J.Ja

Solution

Justin James wrote:

I am going to try to put this really nicely... but asking OutSystems to completely change the way they handle password resets because you shared your password (or may have shared your password) doesn't make sense to me. Accounts on this site are easy to make, and free. There is NO REASON to share your password. Unless you are doing something like sharing access to a Personal Environment. Which you shouldn't be doing either.

J.Ja


thank you again, Outsystems is a really good platform but it's still unable to be visited by some places in the world like China, i feel sorry about this. i am Chinese. 

i have introduced Outsystems to some of my team members whom are not able to sign up an account, that's why i shared mine.

it's ok now. i will help to sign up new accounts for them. thanks

Solution