forgot-password

Forgot Password: what is the best method of implementing a forgot password function?

I'm wondering what the best method is for creating a forgot password function on a website. I have seen quite a few out there, here are a few or combination of: passphrase question / answer (1 or more); send email with new password; on screen give new password; confirmation through email: must click link to get new password; page requiring...

Why is challenge-response approach a poor solution for forgotten passwords?

My company is developing an online HR and Payroll application where securing access is critical. I'm clear on how to lock down most of the authentication/authorization processes, except for the 'Forgotten Password' page. My initial plan was to require the user to enter both an e-mail address and a response to a previously selected/ente...

How to generate random password, or temporary URL, for resetting password in Zend Framework?

I have a basic authentication process that uses Zend_Auth_Adapter_DbTable. I have login and logout actions on my Authentication Controller. Now I want to create a function to reset forgotten passwords by automatically generating a password, saving the new password, and sending them an email with the newly generated password. What would ...

What is the best "forgot my password" method?

I'm programming a community website. I want to build a "forgot my password" feature. Looking around at different sites, I've found they employ one of three options: send the user an email with a link to a unique, hidden URL that allows him to change his password (Gmail and Amazon); send the user an email with a new, randomly generated...

How to not use ASP.Net Membership Security Question and Answer for custom password recovery?

Hi, I don't want to have the security question and answer feature that ASP.Net Membership Provider gives, but I DO want to enable a lost/forgotten password page. This page would be where a user would enter his/her email address and an email would be sent to that address if the user was registered for them to reset their password via a l...

Should I provide lost credentials to users via a direct message on Twitter?

Is it better (more convenient or secure) to provide users with a lost username or password via direct message on Twitter rather than via email? ...

Problem when password resetting in ASP.NET

Hi everyone! I am developing an app in which I should design a page for users who forget passwords and email them the new passwords. I am using ASP.NET Membership and the password format should be hashed. My problem is that when sending the mail has failed, the password has been changed and wow! No work can be done. What is your solution? ...

Password reset by emailing temporary passwords

A group in my company is implementing a single-sign-on REST API for our applications. This authentication service has a password reset function. The application sends the username to the reset function. If that username is associated with an email address, then an email is sent to that address with a temporary password. The other app...

User verification on the reset password page

Hi, I am writing a password-reset page for my website. Here's my idea: a. User clicks the "forgot password" link on the login page. b. Redirect to my password-reset page. c. User enters his email address. d. An email message is sent to the email address with the link to reset his/her password. The link has a security code like ?code="xxxx" in i...

Resetting ASP.NET password - security issues?

Hi, I've seen various questions regarding this issue, but there are a couple of questions that haven't been asked. If the user forgets their password, I would like them to be able to reset it with only their email address (i.e. there's no security question/answer). The password is stored as a salted hash, so there's no recovery possib...

Adding forgot-password feature to Django admin site

How to add the forgot-password feature to Django admin site? With email/security question options? Is there any plug-in/extension available? ...

Validating User Oracle Passwords for Reset application

This is a mix of programming and sysadmin but I decided it's more of a programming issue. Currently working on building a password management web application for managing Oracle user accounts (C#). The scope calls for verification of the user's Oracle username and password before they're allowed to set a new password. Without creating a tab...

change password code error.......

I've created code to change a password. Now it seems to contain an error. Before I fill in the form to change the password, the error is: Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php:7) in C:\Program Files\xampp\htdocs...

How can I 'expire' a change password unique code in a database record?

Hi, I want to implement a forgot password function in my Java web application. I want to implement it like this: User enters their account email address and presses 'forgot password' button. App generates a unique code of characters and numbers and sends a link with that as a parameter to the user's email address. User clicks the link a...

sfDoctrineGuard question

Hi, I'm trying to do an "I forgot my password" functionality. My problem is that if I try to do a Doctrine query and send the password to email, it retrieves the password encrypted. I saw on some websites that DoctrineGuard doesn't have this functionality and only has register and login functionality. Is it true? In this case, how can I do a rememb...

Password reset by email without a database table

The normal flow for resetting a user's password by mail is this: Generate a random string and store it in a database table. Email string to user. User clicks on link containing string. String is validated against database; if it matches, user's pw is reset. However, maintaining a table and expiring old strings etc. seems like a bit of an ...

send the new password - Asp.net - using gmail ( smtp.gmail.com )

Hi all, I've gone through all the help and all the forums, but none of them have helped me. Here is my problem: developing a site on localhost using ASP.NET 3.5, I want to provide 'forgot password' functionality using <asp:PasswordRecovery>. Any real help is greatly appreciated. Please note that I want to send it by either changing web.config...

asp.net 3.5 password recovery control in an mvc app?

Can I use the asp.net 3.5 Password Recovery control in an mvc application? We need to provide password retrieval capability for our mvc app and I would like to use the password recovery control which only works with a web form app ... Thanks for any help provided. Rob ...

Sending forgot password emails

I am building a service that will have a 'forgot my password' feature. In addition to that, it will also email users when results are ready from my service. I would like to ensure delivery of my emails so I was looking around to find a service that would let me send emails. All that I've been able to find so far are services that requ...

How to send link/url to confirm user registration and/or password reset/recovery using ASP.Net MVC2?

Hi, I see it all over the place, yet, I could not find one example about this (maybe I don't know the proper wording), I am trying to build using ASP .Net MVC2 (but any example on just ASP .Net would be also helpful) a process that will send a link to the user at the end of the registration process to let him confirm his registration. ...