Last modified: 2012-04-16 09:16:02 UTC
While the password is only sent to the authenticated e-mail, this creates quite a hassle when someone attempts to gain access or cause trouble for the end-user. I just experienced an issue where an account is tied to a bot framework (similar to stewbot) and I have to go through all this mess changing the e-mail/password, re-authenticating, and adjusting the bot config when all this could have been avoided by the user not even knowing the account's e-mail address in the first place.
Would you think that Bug #26227 (Notify user by email when password changed) would be a solution to this?
Fixed in r86482.