How does a password recovery system work? I'm interested in the method where a link is sent to the user's e-mail, and the user, by clicking on the link, changes their own password. Where and how should this be stored to be as secure as possible?
3 answers
Next to the cell in which the password is stored, a cell is created with a status and a time.
1) If someone has clicked on the "reset password" link, the user receives an e-mail containing the user's hash.
2) The user followed the link:
   a) if this is done within the set time, we give the opportunity to change the password, setting the session time to a couple of minutes;
   b) if not in time, remove the password-change status.
- Question: should the status and time fields be in the same table where all the user data is? - Yoharny Babay
- Not necessarily. But I would put them in the same table as the password and login (e-mail, etc., i.e. what every user must have), and the rest of the (optional) user data in another one. This will make the search easier. - knes
- however ... O_o - knes
- What? - Yoharny Babay
- Surprised that this answer is accepted. =) But pleasantly surprised. - knes
Store user, key and expiration in the database. When a user clicks on a link, verify all the data, and if everything is OK, allow the password change. If not, send them packing.
- Damn, I was twenty seconds late :) - cy6erGn0m
- And I thought I would be late, because I wrote it in brief. )) - Grimon
- And I by a minute. So what? =) But it convinced me that I was thinking more or less correctly. - knes
Next to the password field, in a recovery field for example, you write the code that the person has to come back with. In the link, pass the e-mail and this code, or login and code, or ID and code (so that you can identify exactly whose password is being recovered). Then check that they match, change the password to a random one, send it to the e-mail, and clear the recovery code. If the stored code is empty, turn the recovery request away.
- Please re-read the requirement. I need the user to change the password themselves by clicking the recovery link. - Yoharny Babay
- So what's the problem? If it matches, show them two fields, password + confirmation, put the recovery code + id or login in hidden fields, and go ahead. - Grimon
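The three answers describe the same scheme: a random code and an expiry stored next to the password, checked when the link is followed, and cleared afterwards. The following is an added example of that scheme, not code from any of the posters. It goes slightly beyond the answers in three ways a defender would want: only the SHA-256 of the token is stored (so a leaked database dump cannot be used to forge reset links), the comparison is constant-time, and the token is single-use. The in-memory `USERS` table, the 15-minute TTL, the PBKDF2 parameters and the user `alice` are constructed stand-ins.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # reset link valid for 15 minutes (assumed value)


def new_users_table() -> dict:
    """Constructed stand-in for the users table: user id -> row.

    The two columns next to the password are the token hash and its expiry,
    as the first answer suggests (status + time next to the password cell).
    """
    return {
        "alice": {
            "email": "alice@example.com",
            "password_hash": None,
            "password_salt": None,
            "reset_token_hash": None,
            "reset_expires_at": None,
        }
    }


USERS = new_users_table()


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow KDF for the stored password (PBKDF2 here; scrypt/argon2 in production)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def issue_reset_token(users: dict, user_id: str, now: Optional[float] = None) -> Optional[str]:
    """Create a single-use reset token for user_id and return it once for the e-mail link.

    Only the hash of the token is written to the row. Returns None for unknown
    users; the caller should still respond identically so the reset form does
    not reveal whether an account exists.
    """
    row = users.get(user_id)
    if row is None:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    row["reset_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    row["reset_expires_at"] = now + TOKEN_TTL_SECONDS
    return token


def verify_reset_token(users: dict, user_id: str, token: str, now: Optional[float] = None) -> bool:
    """Check that the presented token belongs to user_id and has not expired."""
    row = users.get(user_id)
    if row is None or row["reset_token_hash"] is None:
        return False
    now = time.time() if now is None else now
    if now > row["reset_expires_at"]:
        # Expired: clear the pending reset, as the first answer suggests.
        row["reset_token_hash"] = None
        row["reset_expires_at"] = None
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison so response timing does not leak matching prefixes.
    return hmac.compare_digest(presented, row["reset_token_hash"])


def complete_reset(users: dict, user_id: str, token: str, new_password: str,
                   now: Optional[float] = None) -> bool:
    """Set the new password if the token verifies, then invalidate the token (single use)."""
    if not verify_reset_token(users, user_id, token, now):
        return False
    row = users[user_id]
    row["password_salt"] = secrets.token_bytes(16)
    row["password_hash"] = hash_password(new_password, row["password_salt"])
    row["reset_token_hash"] = None
    row["reset_expires_at"] = None
    return True


def check_password(users: dict, user_id: str, password: str) -> bool:
    """Normal login check against the stored salted hash."""
    row = users.get(user_id)
    if row is None or row["password_hash"] is None:
        return False
    return hmac.compare_digest(hash_password(password, row["password_salt"]), row["password_hash"])


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    tok = issue_reset_token(USERS, "alice", now=t0)
    # The link carries both the identifier and the code, as answer 3 recommends.
    print("link: https://example.com/reset?user=alice&token=" + tok)
    print(complete_reset(USERS, "alice", tok, "correct horse battery staple", now=t0 + 60))
    print(check_password(USERS, "alice", "correct horse battery staple"))
```

The reset form that the link opens should carry the user id and token in hidden fields and the new password plus confirmation in visible ones, as Grimon's last comment describes; `complete_reset` is what the form handler calls.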