diff --git a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_plan.adoc b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_plan.adoc index fac4211c0..0545e5516 100644 --- a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_plan.adoc +++ b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_plan.adoc @@ -12,11 +12,11 @@ Teach how to securely implement password reset functionality within your applica == Introduction Each and every one of us will have used the password reset functionality on websites before. Each website implements -this functionality in a different manner. On some site you have to answer some question on other sites an e-mail -with an activation link will be send to you. In this lesson we will go through some of the most common password +this functionality in a different manner. On some sites you have to answer some question on other sites an e-mail +with an activation link will be sent to you. In this lesson we will go through some of the most common password reset functionalities and show where it can go wrong. Still there are companies which will send the password in plaintext to a user in an e-mail. For a couple of examples -you can take a look at http://plaintextoffenders.com/ Here you will find website which still send you the plaintext -password in an e-mail. Not only this should make you question the security of the site but this also mean they store -your password in plaintext! \ No newline at end of file +you can take a look at http://plaintextoffenders.com/. Here you will find websites which still send you the plaintext +password in an e-mail. Not only this should make you question the security of the site but this also means they store +your password in plaintext!