On 05/07/05, Habj <sweetadelaide(a)gmail.com> wrote:
Isn't this very simple? The verification is, that
the password is sent
not to any emailadress but to your emailadress, that you have
registered at Wikipedia that goes together with your user account.
This is absolutely correct, and reasonably standard practice; what
better verification could there be? There are password reminder
questions, but IMHO these either boil down to "you forgot your
password, what's your password?" [be it the same one or a secondary
"backup" password] or helpfully assist anyone trying to guess their
way into your account.
It seems reasonable, IMO, that both passwords should
be valid for a
while.
In fact, IIRC, both passwords are valid indefinitely - there is no
reason for an "I forgot my password" feature to disable normal use of
the account. If the randomly generated password from the e-mail is
used, you have the chance to set it to something you haven't
forgotten; but if you haven't forgotten the original after all, don't
bother.
--
Rowan Collins BSc
[IMSoP]