forgot password security
Posted: Thu Apr 11, 2013 4:44 pm
by ghasembaghi
When a user goes to the forgot password page and enters his email, the script will change his password and send it to the user's email.
It's a bad scenario because other users can enter my email address and my password will be changed without my wanting it.
I suggest that the script send a validation link to the user's email; then, if the user clicks on this link, he is redirected to a new page and can define a new password.
Renew "forgot password routine"
Posted: Wed Apr 29, 2015 8:49 pm
by digitalphotoworld
At the moment, users receive two emails. The first email is the verification, the second email the new password.
If you use a tablet/smartphone for reading emails, it is not very comfortable to copy & paste the 16-character-long new password. And after that, you also have to set a new password.
I suggest the following:
Sending a second email with a random password is not necessary. After clicking the URL in the verification email, redirect directly to a form where users can set the new password.
In short, my suggestion is the following:
- Send an email with an activation link
- After clicking the link, redirect to a form for the new password
Ready...
Re: forgot password security
Posted: Thu Aug 06, 2015 6:05 pm
by Webmaster