Tag: Firebase’s

Firebase’s Password Reset is Insecure. Here’s How to Fix It.

My previous blog described how Firebase’s password reset system is insecure. This blog introduces a new open-source project which acts as a drop-in replacement for the insecure system. The problem applies to apps using email/password authentication in Firebase Auth. When a user asks to rese...