Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email email@example.com.
I’m wondering if anyone has found or implemented a fix for the forgot password behavior. Currently, you can lock a user out simply by entering their email in the forgot password field. That seems wrong. Would prefer keeping the old pwd and sending a token to allow login without the pwd so that the user could change it.