a)
I’ve tried to log in using a wrong pwd for my account,
most surprisingly (!!!!!!!!!)
the reply was “Bad Password” (why not say “try the first letter in uppercase”?).
I’ve tried a bad username:
“We cant find your username or email,please check it!”
---> NEVER give any hint for an attacker, the only reply must be
“Bad user / password”
I do hope that you will block the account after 10 failed attempts.
b)
Password reset: I’ve tried a wrong email address,
OK, just a typo in the pop up:
Hi: should read:
Don’t write: “Bad email”,
only write
“Sorry!
We couldn’t find this email address”
c)
I have requested a pwd reset and got the email with link:
OK, just a small text improvement / _suggestion_ (mind also the CR/LF):
[BTW I’m not a native speaker, @signality should check!]
Your text:
Hi Sancho,
Someone has requested a password change for an account with this email address To change the password for your account you must visit the following URL from the same IP address in which you made the request within 24 hours: https://easyeda.com//cgi/useraction.php?email=***************&resetPasswordStart=U2FuY2hvKzdjY2E0MGVkZmU1YTY3MGY5YmUzMjg4ZGYzMTMwMDlh The easyEDA Team Many thanks.
should read:
Request for password reset, Sancho
Hi Sancho,
We got a “Reset Password” request for your easyEDA account.
To set a new password for your account you must visit the following URL from the same IP address that you had when requesting the reset:
https://easyeda.com//cgi/useraction.php?email=***************&resetPasswordStart=blabla
The link will only be valid for 24 hours from the request.
If you have any questions you can email us at: support@easyeda.com
Your easyEDA Team
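
The login behaviour asked for in a), as an added example that is not part of the original post and not easyEDA's code: one identical reply for a bad username and a bad password, and a lockout after 10 failed attempts. `LoginService`, its in-memory store and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILED = 10                        # lockout threshold suggested in the post
GENERIC_ERROR = "Bad user / password"  # the one reply for every failure

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:  # hypothetical name, in-memory store for illustration
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._failed = {}   # username -> consecutive failed attempts
        # Dummy credentials: unknown usernames do the same hashing work,
        # so response time does not reveal whether an account exists.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash(os.urandom(16).hex(), self._dummy_salt)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def is_locked(self, username: str) -> bool:
        return self._failed.get(username, 0) >= MAX_FAILED

    def login(self, username: str, password: str):
        """Return (ok, message); the message is the same for every failure."""
        known = username in self._users
        salt, stored = self._users.get(
            username, (self._dummy_salt, self._dummy_hash))
        match = hmac.compare_digest(_hash(password, salt), stored)
        if known and match and not self.is_locked(username):
            self._failed.pop(username, None)   # success resets the counter
            return True, "OK"
        # Assumption: failures are counted for unknown names as well, and a
        # locked account gets the generic reply too, so neither the counter
        # nor the lockout tells a caller which usernames are registered.
        self._failed[username] = self._failed.get(username, 0) + 1
        return False, GENERIC_ERROR
```

A real deployment would persist the counters, bound their growth, and expire or manually clear the lockout.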