From 7983bebd8377766e195f77475ac1bccea8f086b8 Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 26 Sep 2017 22:17:21 +0200 Subject: [PATCH] Explain that users should be informed via email about password changes --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9cb3bbb..9aba516 100644 --- a/README.md +++ b/README.md @@ -328,6 +328,8 @@ catch (\Delight\Auth\InvalidPasswordException $e) { } ``` +In any case, after the user’s password has been changed, you should send an email to their account’s primary email address as an out-of-band notification informing the user about this critical change. + ### Changing the current user's email address If a user is currently logged in, they may change their email address.
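Review bot: The added sentence in the README.md hunk opens with "In any case", which, placed directly after the `catch (\Delight\Auth\InvalidPasswordException $e)` block, can be read as covering the failure path too, although the notification only makes sense once the change has actually succeeded. Suggest wording such as "After the user's password has been changed successfully, you should send an email ..." and stating that the message must not contain the new password. The phrase "account's primary email address" is not defined in the visible context; if an account has only one address, "the email address of their account" is clearer. The section that follows, "Changing the current user's email address", is left without a matching recommendation, so consider whether a notification to the previous address belongs there as well. Style: the new line uses typographic apostrophes (’) while the heading below it uses the ASCII apostrophe in "user's"; pick one for consistency.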