Additional Verification for Forgot Password Requests
Description:
Currently, anyone who knows a company’s main RingCentral number can trigger a “Forgot Password” request via service.ringcentral.com. This sends a password reset email to the account’s default admin or system mailbox. If repeated or intentional, this can become a nuisance and may overwhelm the admin’s inbox.
Proposed Enhancement:
Implement an additional verification step before sending a password reset email to the admin.
For example, require a security code or PIN that is known only to verified account members.
The code could be set by the admin and shared only internally.
Only after successful verification would the system send the password reset email.
Optionally, include logging of failed attempts for admin visibility.
Benefit:
Protects the admin from receiving nuisance emails due to public knowledge of the main number.
Maintains security by ensuring only authorized personnel can request password resets.
Prevents potential abuse from repeated or malicious “Forgot Password” attempts.
Gives organizations control over sensitive notifications without affecting legitimate access.
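
A sketch of the verification gate proposed above, as an added example (not RingCentral code and not part of the original post). The class name, the thresholds, the uniform reply and the PIN storage scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed threshold, not from the post
WINDOW_SECONDS = 900    # assumed 15-minute window, not from the post


class ResetGate:
    """Hypothetical gate in front of the 'send reset email to admin' step."""

    def __init__(self, pin, clock=time.time):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)   # store a salted hash, never the PIN
        self._clock = clock
        self._failures = []                  # timestamps of recent bad PINs
        self.audit_log = []                  # (time, source, outcome) for the admin
        self.emails_sent = 0                 # stand-in for the real mail call

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _log(self, now, source, outcome):
        self.audit_log.append((now, source, outcome))

    def request_reset(self, source, pin):
        now = self._clock()
        # Keep only failures that are still inside the sliding window.
        self._failures = [t for t in self._failures if now - t < WINDOW_SECONDS]
        if len(self._failures) >= MAX_FAILURES:
            # Too many bad PINs recently: refuse even a correct PIN.
            self._log(now, source, "locked_out")
        elif hmac.compare_digest(self._derive(pin), self._pin_hash):
            self._log(now, source, "verified")
            self.emails_sent += 1            # only now is the admin emailed
        else:
            self._failures.append(now)
            self._log(now, source, "bad_pin")
        # Identical reply in every branch, so the caller learns nothing
        # about whether the PIN was right or the account is locked.
        return "If the details are correct, a reset email will be sent."
```

The lockout counter here is per account, so a burst of wrong PINs delays legitimate requests until the window expires; that is the trade-off for keeping the admin's inbox quiet.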