My previous blog described how Firebase’s password reset system is insecure. This blog introduces a new open-source project which acts as a drop-in replacement for the insecure system.
The problem applies to apps using email/password authentication in Firebase Auth. When a user asks to rese...