Unsolicited password changes

Good morning -

One of our members is reporting that this is the second time (in a week) she is receiving an email to change her password - text below:

"Hello TiLiAnne Tanner:

Click on the link below to access your club website as a member. The site will remember you for a day, as long as you are using the same computer/device and do not clear your cookies. If you wish to access from another computer or device, just reauthenticate, or set a custom password by clicking the link below.

< 5328717.toastmastersclubs.org/index.cgi?...KYYMBMW0bqYw8LXmhXGt >

Note: if the above URL is wrapping in your e-mail and not fully linked, you can copy and paste the URL (without the <>) in your web browser's address bar."

Thank you!

This means that someone typed in her name without a password into the sign in popup.

Since she received the email this means our security is working correctly. She doesn't have to do anything and can ignore the emails if she does not want to change her password.

There is not much additional that we can do about this other than checking the IP address and/or computer name of the computer that the user is using against something stored in the FTH database. However, those added controls are problematic since some people will use more than one computer to access their club website, and adding an IP address or computer name check would interfere with that.

Because of this, as Brian points out, even though the member may not appreciated getting the password change emails, it does indicate that the system is working as intended, since password change requests will only go to the member's email address stored in our database and not anyone else.