We should make that error say something sensible, but if you’ve since change your password (which you must have to be using the site lately) the old password will no longer work.
Yep, correct. In the moment you ever requested a reset-password email and changed your password, you switched to a new secure password solution (even if you just used the same password).
Just tried doing this and got “Unknown error.”
We should make that error say something sensible, but if you’ve since change your password (which you must have to be using the site lately) the old password will no longer work.
So to confirm, that means it’s not possible for someone to impersonate me with access to a hash of my old password?
Yep, correct. In the moment you ever requested a reset-password email and changed your password, you switched to a new secure password solution (even if you just used the same password).