note
no_slogan
<blockquote><i>A tech site like this can get away with just sending people a new auto-generated password</i></blockquote>
Then someone could hassle me by repeatedly requesting password changes on my account. If they did it every 5 minutes, I could hardly use the site at all. The server could impose a rate limit on password changes, like only one per day or so. That would eliminate the full-blown denial of service, but I'd still have to go check my e-mail for the new password, which might be inconvenient.
153507
153623