I've been discussing with Florian on IRC a suggestion for improved account security.
On many sites, you will get a message like this:
>Hello evildmp,
>
>We wanted to let you know that your GitHub password was changed.
>
>If you did not perform this action, you can recover access by entering dan...@vurt.org into the form at https://github.com/password_reset.
>
>To see this and other security events for your account, visit https://github.com/settings/security.
>
>If you run into problems, please contact support by visiting https://github.com/contact or replying to this email.

(In fact my gumtree.com account was compromised, and this mechanism is how I learned about it, and was able to alert Gumtree and have a fraudulent advertisement removed from my account within minutes.)
A similar thing would be valuable in Django, to help improve the security of all Django accounts and sites.
I am not sure how it could or should be implemented; Florian suggests as part of a more general audit framework.
On a related matter, my djangoproject.com account has an associated email address (not the same one as at code.djangoproject.com) but I don't think I am able to change that.
Daniele