On 05/07/05, Habj sweetadelaide@gmail.com wrote:
Isn't this very simple? The verification is, that the password is sent not to any emailadress but to your emailadress, that you have registered at Wikipedia that goes together with your user account.
This is absolutely correct, and reasonably standard practice; what better verification could there be? There are password reminder questions, but IMHO these either boil down to "you forgot your password, what's your password?" [be it the same one or a secondary "backup" password] or helpfully assist anyone trying to guess their way into your account.
It seems reasonable, IMO, that both passwords should be valid for a while.
In fact, IIRC, both passwords are valid indefinitely - there is no reason for an "I forgot my password" feature to disable normal use of the account. If the randomly generated password from the e-mail is used, you have the chance to set it to something you haven't forgotten; but if you haven't forgotten the original after all, don't bother.