Reset Forgotten Password
This is the pseudo-code for scripting a forgotten password routine in your web software.
* User selects the forgot-password option.
* User enters their email address, optionally with a CAPTCHA (visual image code) to slow down automated requests.
* Look up that email address in your database. Return the same generic response whether or not it exists ("if that address is registered, a reset link has been sent"), so the form cannot be used to enumerate accounts.
* If it exists, generate a unique, unguessable token from a cryptographically secure random source (not a timestamp, sequential ID or plain UUID) and send it in a confirmation email message to the end user.
* In addition, save this token (preferably a hash of it, so a leaked table cannot be turned into working links) in a database table along with the account it belongs to and a TTL (Time to Live) value.
* When the end user opens the email and clicks on the confirmation link:
* Retrieve the token from the confirmation URL.
* Check that it exists in the table created above, that it has not already been used, and that the TTL has not expired.
* If all okay, allow the user to reset their password by entering a new password, then mark the token as used so the same link cannot be replayed.
* Alternatively, a new randomly generated password is sent to that user's email account; the user should be required to change it at first login.
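The routine above, written out as an added Python example (not code from the original post): the token comes from the OS CSPRNG, only its SHA-256 hash is stored with the owning account and an expiry, the response to the request form is identical for known and unknown addresses, and a token is rejected once used or once its TTL has passed. The in-memory user store, the outbox list standing in for a mail sender, the 15-minute TTL, the PBKDF2 work factor and the `example.test` URL are all assumptions made for the illustration.

```python
"""Forgotten-password reset flow: added illustration, not code from the page."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link
PBKDF2_ROUNDS = 200_000       # assumed work factor; raise it for production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 so the stored value is not reversible."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class ResetRecord:
    email: str           # which account this token is allowed to reset
    expires_at: float    # absolute expiry, seconds since the epoch (the TTL)
    used: bool = False   # each token is good for exactly one reset


@dataclass
class PasswordResetService:
    users: Dict[str, Tuple[bytes, bytes]]                          # email -> (salt, digest)
    outbox: List[Tuple[str, str]] = field(default_factory=list)    # stand-in mail sender
    resets: Dict[bytes, ResetRecord] = field(default_factory=dict)  # token hash -> record
    now: Callable[[], float] = time.time                           # injectable clock

    @staticmethod
    def _token_hash(token: str) -> bytes:
        # Only the hash is stored; a leaked table cannot be turned into working links.
        return hashlib.sha256(token.encode("ascii")).digest()

    def request_reset(self, email: str) -> str:
        """Look up the address, mint a token, mail it, store its hash with a TTL."""
        if email in self.users:
            token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
            self.resets[self._token_hash(token)] = ResetRecord(
                email=email, expires_at=self.now() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, f"https://example.test/reset?token={token}"))
        # Same reply either way, so the form cannot be used to enumerate accounts.
        return "If that address is registered, a reset link has been sent."

    def _live_record(self, token: str) -> Optional[ResetRecord]:
        """The token from the URL must exist, be unused and be inside its TTL."""
        record = self.resets.get(self._token_hash(token))
        if record is None or record.used or self.now() > record.expires_at:
            return None
        return record

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Set the new password and burn the token so the link cannot be replayed."""
        record = self._live_record(token)
        if record is None:
            return False
        record.used = True
        self.users[record.email] = hash_password(new_password)
        return True

    def check_password(self, email: str, password: str) -> bool:
        salt, digest = self.users[email]
        return secrets.compare_digest(hash_password(password, salt)[1], digest)


def run_flow() -> dict:
    """Walk the whole routine on a constructed user with a controllable clock."""
    clock = {"t": 1_000_000.0}
    svc = PasswordResetService(users={"alice@example.test": hash_password("old-pass")},
                               now=lambda: clock["t"])
    r = {}
    r["unknown_reply"] = svc.request_reset("nobody@example.test")
    r["known_reply"] = svc.request_reset("alice@example.test")
    r["mails_sent"] = len(svc.outbox)            # 1: nothing was sent to the unknown address
    token = svc.outbox[0][1].split("token=", 1)[1]
    r["bad_token"] = svc.complete_reset("not-a-real-token", "x")
    r["first_use"] = svc.complete_reset(token, "new-pass")
    r["replay"] = svc.complete_reset(token, "attacker-pass")   # already burned
    r["new_pw_ok"] = svc.check_password("alice@example.test", "new-pass")
    r["old_pw_ok"] = svc.check_password("alice@example.test", "old-pass")
    svc.request_reset("alice@example.test")      # a fresh token that is left to expire
    stale = svc.outbox[1][1].split("token=", 1)[1]
    clock["t"] += TOKEN_TTL_SECONDS + 1
    r["expired"] = svc.complete_reset(stale, "late-pass")
    return r


if __name__ == "__main__":
    print(run_flow())
```

In a real deployment the `resets` and `users` dictionaries would be database tables, `outbox` would be the mail sender, and the password hash would be argon2 or bcrypt; the shape of the checks (hash-only storage, constant response, single use, TTL) is the part worth keeping.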