Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> So far not a problem, but the email you get back after sending the password reset request contains a link to a page that allows you to cancel the request (not sure the genius who had this idea)

Did you set the recovery email the same as the main email? Cause I only get password reset to the recovery email.

If you used the same address for recovery email, then it defeats the whole purpose




no i set another email. but still both emails will get the link.


This is not correct. Or at least, it should not be AFAIK.

I actually just tried it on an account I own, and it does not send the email to both addresses, only to the recovery email address.

If that is really happening to you, that sounds like a bug to me.


Is the person that hacked the account just sitting there waiting for emails to come in and hopefully can click the "Cancel Request" before you can reset the password?


If you make a habit of hacking Gmail accounts, it's probably not hard to make a bot that does it for you.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: