As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.
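The countermeasure is to make the change-password form immune to CSRF attacks; of course, the user should also be required to enter the old password when changing it.
You did not enter your old password correctly. Please try again.
The old password you entered is incorrect. Please try again.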
Your old password is not valid. Please re-enter your old password.
Your old password is invalid. Please enter your old password again.
You did not enter your old password correctly.
The new password you entered is incorrect.