It would be very helpful to extend that log to include changes to the password and PIN as well, including the following values:
- - timestamp
- user taking the action
- type of action, one of- - password change (values not saved, or only the old one, but not the new one)
- password reset and sent (including temp password)
- password reset link sent (including token sent)
- - profile
- reset link from e-mail
- - password change (values not saved, or only the old one, but not the new one)