Reset Password Option Problem



@Liza, @Ian, @Alish, @Asha, @discourse and @system. There is this glitch in the reset password. I realize... ANYONE can reset the passcode! So, someone may want to go in my account, but they don't know the passcode. All they have to do is click "I Forgot my Passcode" and BOOM! I am scared because I am fearing this is how A. My passcode changed and how B. Phase Staff was hacked! In the next update, please edit this! Like, when creating your account, ask for email and then when Password reset is tapped it is looking for only 1 email, the one you put. Just a suggestion!


Yeah, a lot of websites do that! I think it's way safer (is that even a word?) than just really easy changing the password. Cause once you're logged in everybody can change your password! With an email send it's probably a lot safer (again...) because then only you (or your iPad) gets the mail.


Well, @LotsaPizza, if someone presses the button, it will send an Email to you saying something like " someone has requested a new password... If you didn't want to reset ignore this... If you did request to press this link..." So, no one can just reset your password, unless they get into your Email. Otherwise, no one can just go in and make a new password.


wow... your right... I got on a fake e-mail of mine (what else do you give to online gaming sites that will spam you?) and registered for hopscotch as qwertyuiop204842@gmaildotcom, and reset my justanerd password to :black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square::black_small_square: and then logged on with my original pass, it didn't work, then with my new pass... and it did... I feel so safe


Looks like this is the cause of the hacks!!!


that would make sense


the e-mail went to my fake e-mail, I checked it, and (on top of 20,000 e-mails from other gaming sites) was the password reset e-mail... and it didn't send to my actual e-mail, the one I signed up for hopscotch with


With the chrome browser on PC and iPad there's something you tap and it shows all the code behind the links on the page.
A few years ago a friend of mine found some code that went straight to a server to watch a movie for free that had to be paid for to watch.
When a link is placed to a project on Hopscotch maybe there's code in the link that gives access to the users account.


I was thinking that you can have security questions or something like that. I think that might work better, it's used on big websites like Instagram or Twitter and works fine... And they share photos!


Good idea they don't have to be complicated questions it could be what's your best friends name like a learning site I use at school I think it a really clever thing to do and nobody would guess it other than your best friend as there's lots of names in the world!


I didn't understand a thing you said


I think I could understand this better if u had punctuation. No offence.


@Musiclover but I saw a project that somebody in somebody's class got onto an account, not hopscotch, by knowing about the person. Therefore, I think the best questions are things like your cousins name, your hero, what your fav. bday present is... etc... :stuck_out_tongue_winking_eye:


Nice one @LazyLizard ! :+1:🏼:+1:🏼:+1:🏼 I wanted to say that too!


especially the b-day present, not even your best friend would guess that, or your mom... socks...(shudders)


Sorry but I was busy you'll realise the only punctuation I use in writing over than school work or letters or emails are these !!!!!!!!! Sometimes these for suspense ....... 🤗🤗🤗🤗🤗


Thanks, @comicvillestudios!


You can only reset the password of the account that is tied to your email.

for example, I just tried to reset the password for The Hopscotch Team account using my personal email. Instead, I got a link to reset the password of my other account (that is linked to my personal email).

You can't reset the password to an account you don't own (thankfully!!!!)


Oh! @Liza, I didn't know that, thanks.