Like many web applications, JumpRope allows users to reset their password in the case that it was forgotten. You can always do so by simply going to the login page, typing in your username, and clicking on the Forgot your password? link. Provided that the email entered is associated with an account in our system, this will generate an email that includes a secure link that you can use to reset your password.
Did you receive an email without requesting a password reset?
If you received an email with a link to reset your password without first requesting the email, don't worry. Anyone who knows your email can generate the password reset request. However, your account cannot be changed without either knowing your password or having access to the primary email account associated with our system. Our password reset functionality is secure and based on the following principles:
- Without your password, the only way to access your account is by using the secure link emailed to you in the Request Reset email.
- Your password is not stored in our system, and is never sent to you via email. The secure token included in the link is only good for a single reset and expires in 7 days, so even if someone sees the email it is unlikely that they could access your account.
- Another user could theoretically be "annoying" by repeatedly requesting a password reset for your account. There is a rate limit on this, so that it cannot be done too many times in a row. Nevertheless, it could send several emails to your inbox. However, unless the link is clicked, no changes will be made to your account. Your old password remains valid and your account remains active no matter how many password reset requests are outstanding. In other words, you'll still have access to your account even if someone decides to be a pain and request a reset password over and over.
If you received a password email without first requesting one, it is likely that someone accidentally did so. If you use shared computers (such as those in the teacher's lounge at your school), the default behavior of our system is to remember the username of the last-logged-in user (but NOT the password, of course), for your convenience. If another user uses the computer next and clicks on the Forgot your password? link without first changing the username, you'll get the email even though you didn't do anything... and nobody was necessarily being malicious.
In general, it's safe to ignore these. If you see them repeatedly, you can contact our support team (firstname.lastname@example.org) for assistance tracking down the culprit.
Thanks, and let us know below if you have any questions!