Note: The password in this image is no longer valid, don’t kill me
This is just used by their wiki, the side with the payment stuff uses a different system (and a separate login)
Note: The password in this image is no longer valid, don’t kill me
This is just used by their wiki, the side with the payment stuff uses a different system (and a separate login)
No, it is not “insecure.” It aligns with OWASP guidance: https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
When would it be problematic? It would be problematic if they sent your actual password in cleartext as part of the “reset.” This would show that they can access your password in plain text within their database, which is the worst way of storing passwords on servers. (Dedicated password hashing algorithms exist to securely store passwords.) What they provided you is a one-time password.