Change Details

As a developer, I want to know the technical, security, and UX considerations for the password reset project, so that the CommTech team can properly prepare for the project. **Requirements:** * Investigate the technical and social considerations of requiring both a username and email address to successfully generate a password reset request email * Investigate how accounts with 2FA may be impacted by password reset changes and how we can maintain a smooth password reset process for them * Investigate if we can have an email only reset option (i.e. no requirement of username). If yes, what would be the consequences (technical and social)? * Connect with Security team to determine if there are additional risks to take into account (note: we have had preliminary chats with Sam Reed in Security, but we should reach out again for this spike, if possible) * Investigate what sort of logging may be helpful for Community Engagement or Anti-Harassment after this work is complete * Query for what percentage of accounts: ** Don't have a confirmed email address? ** Have a unique confirmed email address? ** Have a confirmed email address shared by another account (and, if possible, details related to distribution -- for example, perhaps some emails have 100s of accounts?).

As a developer, I want to know the technical, security, and UX considerations for the password reset project, so that the CommTech team can properly prepare for the project. **Requirements:** * Investigate the technical and UX considerations of requiring both a username and email address to successfully generate a password reset request email * Investigate how accounts with 2FA may be impacted by password reset changes and how we can maintain a smooth password reset process for them * Investigate if we can have an email only reset option (i.e. no requirement of username). If yes, what would be the consequences (technical and UX)? * Connect with Security team to determine if there are additional risks to take into account (note: we have had preliminary chats with Sam Reed in Security, but we should reach out again for this spike, if possible) * Investigate what sort of logging may be helpful for Community Engagement or Anti-Harassment after this work is complete * Query for what percentage of accounts: ** Don't have a confirmed email address? ** Have a unique confirmed email address? ** Have a confirmed email address shared by another account (and, if possible, details related to distribution -- for example, perhaps some emails have 100s of accounts?).

As a developer, I want to know the technical, security, and UX considerations for the password reset project, so that the CommTech team can properly prepare for the project. **Requirements:** * Investigate the technical and socialUX considerations of requiring both a username and email address to successfully generate a password reset request email * Investigate how accounts with 2FA may be impacted by password reset changes and how we can maintain a smooth password reset process for them * Investigate if we can have an email only reset option (i.e. no requirement of username). If yes, what would be the consequences (technical and socialUX)? * Connect with Security team to determine if there are additional risks to take into account (note: we have had preliminary chats with Sam Reed in Security, but we should reach out again for this spike, if possible) * Investigate what sort of logging may be helpful for Community Engagement or Anti-Harassment after this work is complete * Query for what percentage of accounts: ** Don't have a confirmed email address? ** Have a unique confirmed email address? ** Have a confirmed email address shared by another account (and, if possible, details related to distribution -- for example, perhaps some emails have 100s of accounts?).