Thread: https://forums.phpfreaks.com/topic/143708-lost-password/

gevans Posted February 4, 2009

I'm writing a lost password script. This is how it's going to work...

A user has lost their password...

1. Go to the lost password page
2. Enter the email address assigned to the account (also used for logging in)
3. Submit form...
4. Email matched against database
5. Once found, new 8 character random pass is generated
6. Password encrypted and updated in database
7. Password sent to user via email

Now I've done this before and am fine doing it; my only question is, is there more I can do for security other than going down the security question route (which I'm not going to)?
genericnumber1 Posted February 4, 2009

Other than using a captcha, request throttling, or some other means to prevent email guessing (some people do it just to be mean), I'm not aware of any methods other than security questions that would work... that's not to say there aren't other routes to take, just not any I've ever used or encountered.
gevans (Author) Posted February 4, 2009

Yea, I couldn't think of much else either; might put the security question in place if a problem ever arises. I know that sounds lame...

Q: Why not fix the problem before it's started?
A: It's more cost effective not to (at least short term).
Philip Posted February 4, 2009

> ...password encrypted and updated in database
> password sent to user via email

They must change their password upon first login.
genericnumber1 Posted February 4, 2009

I typically use security questions for things like this; it's simple for even very inexperienced users to use as long as you implement it correctly.
The Little Guy Posted February 4, 2009

What you could do is, once they enter their email, send them a new password, and when they log in with the new password, ask them to create their own password before they continue.
uniflare Posted February 4, 2009

Naw, you don't really need security questions; it's a form of another password, usually easier to guess :/ since you know the "topic" of the question... especially if it's stuff like "what's your dog's name"!? Like wth!? lol.

Your current structure is fine, but I agree with genericnumber1: make sure people can't spam other email addresses. Once a request email has been sent, say, 3 times (email doesn't always arrive, everyone knows), you should set a flag on the user profile showing that they need to log in with the new password before they can request another new password. Which is basically limiting the password forget request emails to 3, until the owner of the account logs back in. This would be extremely simple to implement; you don't need any random question stuff.

You should definitely have a way for them to enter a new password for themselves or change the current one in some "Account" link.

My 2 cents. It's what I would do. Inactive accounts I would delete after some months.
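The flow gevans lists in the first post, combined with uniflare's limit of three reset emails until the owner logs back in and the forced password change Philip and The Little Guy suggest, as an added PHP example (not code from the thread or from any poster). It assumes a hypothetical users table with columns id, email, password_hash, reset_count and must_change_password, a PDO connection, and stores a one-way hash via password_hash rather than the reversible "encryption" the first post mentions.

```php
<?php
// Assumed (hypothetical) schema: users(id, email, password_hash,
//   reset_count INT DEFAULT 0, must_change_password TINYINT DEFAULT 0)

const RESET_LIMIT = 3; // uniflare's cap on reset emails before a login is required

// Build an 8-character temporary password from a CSPRNG (random_int),
// using an alphabet without look-alike characters (0/O, 1/l/I).
function generateTempPassword(int $length = 8): string {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Handle the lost-password form. Returns the message shown to the user;
// it is the same whether or not the address exists, so the form cannot be
// used to discover which emails are registered.
function handleLostPassword(PDO $db, string $email): string {
    $generic = 'If that address is registered, a new password has been emailed to it.';
    $stmt = $db->prepare('SELECT id, reset_count FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || (int)$user['reset_count'] >= RESET_LIMIT) {
        return $generic; // unknown address, or throttled until the owner logs in
    }
    $temp = generateTempPassword();
    $hash = password_hash($temp, PASSWORD_DEFAULT);
    $upd  = $db->prepare('UPDATE users SET password_hash = ?, must_change_password = 1,'
                       . ' reset_count = reset_count + 1 WHERE id = ?');
    $upd->execute([$hash, $user['id']]);
    mail($email, 'Your new password',
         "Your temporary password is: $temp\nYou will be asked to choose a new one when you log in.");
    return $generic;
}

// Login: a successful login clears the reset counter (re-enabling the lost-password
// form) and, if the password was reset, sends the user to the change-password page.
// Returns the redirect path, or null when the credentials are wrong.
function login(PDO $db, string $email, string $password): ?string {
    $stmt = $db->prepare('SELECT id, password_hash, must_change_password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    $db->prepare('UPDATE users SET reset_count = 0 WHERE id = ?')->execute([$user['id']]);
    return $user['must_change_password'] ? '/account/change-password' : '/home';
}
```

The change-password handler (not shown) should clear must_change_password once the user has chosen their own password, and the login page should refuse to continue anywhere else while the flag is set.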