Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow web admins to notify authier users that their password was leaked #116

Open
capaj opened this issue Jan 19, 2022 · 0 comments
Open

allow web admins to notify authier users that their password was leaked #116

capaj opened this issue Jan 19, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@capaj
Copy link
Collaborator

capaj commented Jan 19, 2022
edited
Loading

We should have an api to allow any web domain owner to notify users their account password got leaked.
This will be on 2 levels of granularity:

  1. per single username when they had a leak in logs for example
  2. for all usernames on domain/subdomain (for example when whole DB is compromised like here https://forum.opensubtitles.org/viewtopic.php?f=1&t=17685&p=46818#p46818

web admins would only get access to this when they prove they own a domain with a custom TXT record.

When reported, we would mark the password as leaked in the UI and we would link user to a change password page(this would be entered by website admin when reporting the leak)
@capaj capaj added the enhancement New feature or request label Jan 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@capaj