Bug with forgot password :
Actually I never created my account here before but I thought that I have created and I went to Forgot Password to reset password and when I have entered my email, every time it said like 'A reset password mail has been sent...' but I didn't get any email so I tried many times. When I went to registration then I got to know I have not created before as I have been registered successfully. So on forgot password there should be message to know that entered email is not registered.
Усі відповіді (1)
It is a security best practice to not give away the fact that someone has or doesn't have an account. Saying "this email is not associated with an account" would let others infer where you have created accounts.
One of the Mozilla Foundation's 10 principles is "Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional." Since we really believe this, we are committed to keeping information about you and your accounts (or lack thereof) private!
Sometimes privacy and security are at odds with user experience. Unfortunately this is just going to have to be one of those situations. I trust you can understand the choice we've made here.