shamwowy Posted July 26, 2011 Share Posted July 26, 2011 Hi all. Just wondering if anyone has a favorite, simple, safe password reset method that I haven't thought of. I'm currently leaning toward having the user click a "reset password" link, enter an email address, then creating and emailing a temp password to the email address (from a matched database record), then having user change password based on login with the temp password sent via email. That seems a few too many steps for my userbase (mostly old ladies). Any thoughts on something easier (for the old ladies) that is still simple and safe? Thanks for any thoughts y'all may have. Quote Link to comment https://forums.phpfreaks.com/topic/242815-methods-for-resetting-user-passwords/ Share on other sites More sharing options...
thehippy Posted July 26, 2011 Share Posted July 26, 2011 You can skip the temp password part if you generate a unique token. [*]User goes to password reset page. [*]User enters email address [*]Check valid email address [*]Generate and save token [*]Email User with URI including the token (ex. Goto mysite.com/passwordreset/d93jd993jjda9/) [*]User goes to password reset page with token [*]User enters new password and confirmation Quote Link to comment https://forums.phpfreaks.com/topic/242815-methods-for-resetting-user-passwords/#findComment-1247172 Share on other sites More sharing options...
shamwowy Posted July 26, 2011 Author Share Posted July 26, 2011 Good call, thanks! Quote Link to comment https://forums.phpfreaks.com/topic/242815-methods-for-resetting-user-passwords/#findComment-1247584 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.