Feature request: Change password flow that requires the current password as a factor

Feature: A change password flow that requires the current password as a factor.

Description: Looking for a way to implement a change password flow in a web app, browser that allows users to change their current password. Would like to require that, in order to change the password, users must provide the existing password as a factor.

Use-case: Given someone with access to a user's existing authenticated session and their email, using the current password reset flow within Auth0, they would be able to change a user's password. If the password reset flow required providing the current password, changing the password would not be possible. This feature was a recommended requirement from a security audit as an additional control to increase the effectiveness of the authentication system.
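
The control requested above, as an added example that is not part of the original post and is not Auth0 code: a generic server-side change-password handler that refuses to act on a valid session alone and re-verifies the current password first. The in-memory stores, the function names, the PBKDF2 parameters and the revocation of existing sessions after a successful change are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores standing in for a user database and session table.
USERS = {}     # email -> (salt, password_hash)
SESSIONS = {}  # session token -> email

def hash_password(password, salt):
    # PBKDF2 is used here only because it ships with Python; parameters are assumed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(email, password):
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, hash_password(password, salt))

def login(email, password):
    """Return a new session token, or None if the credentials are wrong."""
    if email not in USERS:
        return None
    salt, stored = USERS[email]
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    return token

def change_password(token, current_password, new_password):
    """Return a fresh session token on success, None on any failure."""
    email = SESSIONS.get(token)
    if email is None:
        return None  # no valid session
    salt, stored = USERS[email]
    # The session is not sufficient: the current password is checked again,
    # using a constant-time comparison.
    if not hmac.compare_digest(stored, hash_password(current_password, salt)):
        return None
    new_salt = secrets.token_bytes(16)
    USERS[email] = (new_salt, hash_password(new_password, new_salt))
    # Revoke every session for the account, then issue a new one to the caller.
    for old in [t for t, e in SESSIONS.items() if e == email]:
        del SESSIONS[old]
    fresh = secrets.token_urlsafe(32)
    SESSIONS[fresh] = email
    return fresh
```

A production handler would also rate-limit failed attempts on this endpoint, since it otherwise becomes a place to guess the current password.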

Hey there!

Thank you for creating this feedback card! Make sure to upvote it so that it gets as many votes as possible. We review those feedback cards on a monthly basis and will let you know once we have any updates on that front!
