Notify user by email when password changed
Open, NormalPublic

Description

It would be a nice idea to notify users by email (when they have a address setup) that their account password has been changed.


Version: unspecified
Severity: enhancement
See Also: T46486, T11838

Peachey88 created this task.Dec 4 2010, 2:22 AM
demon added a comment.Dec 5 2010, 4:33 AM

*sigh*

I hate adding user prefs, but I'd want to disable this...

demon added a comment.Mar 20 2011, 5:16 AM

Why should we add such a feature, or why would I want to disable it?

Currently we have an account swiping problem. If someone gains access to a session, they can escalate that to exclusive full account control by changing the e-mail and using password reset. This process has no notifications (which should be in place) to warn the user that their account has been swiped.

I'd argue requiring a password to change the email would be a much more effective means to prevent that attack though.

IAlex added a comment.Mar 20 2011, 6:35 AM

That's bug 20185.

(In reply to comment #3)
Why would you want to disable that?

demon added a comment.Mar 20 2011, 4:21 PM

(In reply to comment #7)

(In reply to comment #3)
Why would you want to disable that?

Because I don't like getting extra e-mails? Especially when it's about an action I initiated myself.

Because I don't like getting extra e-mails? Especially when it's about an
action I initiated myself.

I think you /would/ want that in case it wasn't you who initiated it. How often do you change your password? I don't think most people have ever changed their password. Much less doing so often enough to be annoying.

ashishmittal.mail wrote:

Hello,

I would like to solve this bug. I believe solving this would require editing of execute() in Special:ChangePassword file to add a sendmail() function along with creation of some messages (in MessagesEN.php) which would form the body of the mail as parameters to sendmail(). This process would be somewhat similar to what has been implemented in PasswordReset. Kindly guide if this is the correct approach and I should go ahead with it.

Thanks,
Aashish

You would user UserMail, but otherwise yes, that seems the right process.

Patch in Gerrit needs review...

Maybe I should remove the tag, because I need to refactor that patch before it can be merged anyway.

Change 48578 abandoned by Parent5446:
Notify user by email when password changed

https://gerrit.wikimedia.org/r/48578

Nemo_bis set Security to None.
demon removed a subscriber: demon.Jan 5 2015, 3:38 PM
Tgr edited the task description. (Show Details)Sep 2 2015, 9:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 2 2015, 9:11 PM

Hi, sorry for this question...but I want to change my Phabricator password and I can´t find how to do it step by step...thanks!!!

@MelinaMasnattaWMAR83: This task is about the MediaWiki software. For the Phabricator software please see https://www.mediawiki.org/wiki/Phabricator/Help and its Discussion page - thanks.

Add Comment