I have a 2-step form. The second step is quite lengthy and the visitor may want to complete it at a later time. What I have done is generate a uid with sha1 using a combination of details: firstname, email address, salt, and I email the visitor the link, e.g.:

http://www.mysite.com/form/step2/[sha1 uid]

so when they click the links they can go back to the second step of the form...

I realize this isn't super secure, but is it acceptable? If not, what improvements can be done?

A: 

As long as your link is a bit random, people won't be able to "guess" it; so, you should be OK, I suppose, as long as your "salt" is not the same for everyone (I guess it's some kind of random data you generate for each user?).

Maybe you could have a "password" field on the first step of the form, and, if users arrive at the second step of the form via the link in the e-mail, they should re-type this password, to confirm they know it?
I am not sure it is really necessary, but it might be seen by your users as a security measure (and some people like when the websites they are using are (or, at least, look like) secure).

Another nice thing to have would be for the link to be valid for only a couple of days, maybe -- if that's suitable with the needs of your application.

Pascal MARTIN
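As an added illustration of the answer's points (example code, not from the question or the answer), here is the question's details-hash token next to a resume link built from a random token with an expiry; the in-memory store, the two-day lifetime and the function names are assumptions:

```python
import hashlib
import secrets

# Link lifetime, following the suggestion that the link expire after
# "a couple of days" (assumed value: 2 days, in seconds).
TOKEN_LIFETIME_SECONDS = 2 * 24 * 3600

# Constructed in-memory store: sha256(token) -> (form_id, expires_at).
# A real application would keep this in its database.
_resume_links = {}


def details_token(firstname, email, salt):
    """The scheme from the question: sha1 over user details plus a salt.

    The token is only as unguessable as the salt: with a per-user random
    salt it is fine, with one fixed site-wide salt it is derivable by
    anyone who knows the first-step details.
    """
    return hashlib.sha1(f"{firstname}{email}{salt}".encode()).hexdigest()


def issue_resume_token(form_id, now):
    """Mint an unguessable token for resuming step 2 of the form.

    The token comes from the OS CSPRNG, so it carries no user details at
    all; only its SHA-256 digest is stored, so a leaked table of digests
    cannot be turned back into working links.
    """
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    digest = hashlib.sha256(token.encode()).hexdigest()
    _resume_links[digest] = (form_id, now + TOKEN_LIFETIME_SECONDS)
    return token


def redeem_resume_token(token, now):
    """Return the form_id for a known, unexpired token, otherwise None."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _resume_links.get(digest)
    if entry is None:
        return None
    form_id, expires_at = entry
    if now > expires_at:
        del _resume_links[digest]  # expired links are dropped on first use
        return None
    return form_id


def resume_url(token):
    """Build the link from the question around the issued token."""
    return f"http://www.mysite.com/form/step2/{token}"
```

The answer's extra "re-type your password" step would sit after `redeem_resume_token` succeeds, before the step-2 form is shown.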