when users reauthenticate to create email reset request or change password we currently don't ratelimit reauthentication. This should not be the case. Enforce a shared policy for these cases.
when users reauthenticate to create email reset request or change password we currently don't ratelimit reauthentication.
This should not be the case.
Enforce a shared policy for these cases.