Wtf? Password Recovery? MD5? Unreversable? !!
View Single Post
02-18-2008, 08:54 AM
Join Date: Nov 2007
Originally Posted by
Thanks for all of your help! I really didn't even think of a password reset.
Seriously, most people (including me sometimes) forget that setting a new password is the best option. If you know a person very well, even a secret question wont suffice.
What you do is:
2. Forgot your password?
3. Send a mail with an activation key (perhaps linked to IP) to RESET the password.
4. Reset (with a hash) the password and enter a approx. 12 long string.
5. Send the password to the email together with an activation key.
6. Let the user enter the OLD password, the activation key and then once logged in (or at the activation key page) set their new password intimidate.
Most secure and common way to do it I guess.
"Life is a bitch, take that bitch on a ride"
The Following User Says Thank You to ReSpawN For This Useful Post:
View Public Profile
Send a private message to ReSpawN
Visit ReSpawN's homepage!
Find More Posts by ReSpawN