
suggestion for forgot-password system

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums Suggestions
Forum Description: Do you have any ideas for applications or content on Web Wiz? Then leave your suggestions here.
URL: https://forums.webwiz.net/forum_posts.asp?TID=25408
Printed Date: 28 March 2026 at 5:58pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: suggestion for forgot-password system
Posted By: frufru
Subject: suggestion for forgot-password system
Date Posted: 07 March 2008 at 5:11pm
I noticed that when you make a forgot-password request on an account (not even necessarily your own account), the password gets changed immediately and emailed to your account. I'm thinking that this may get annoying if people want to, because they could keep changing your password, and you'd have to keep checking your email and resetting it.

So yeah, since the passwords are 1-way encrypted, a good method would be to use some sort of key. So it goes like this:

1. User makes a forgot password request. Enters username/email... (CAPTCHA should still be there)
2. A 16-character key (or a similarly long one of random letters & numbers) is generated and stored to the database along with the person's username.
3. A URL is emailed to the person that goes something like...
http://forums.webwiz.net/forgotpass.asp?username=USERNAME&key=KEY

When they go to that link (and have the correct username corresponding to the right key), they will be given the option to change their password or cancel the request (which deletes the entry from the database). When the password is changed using the method, the entry representing the request is also deleted from the database.

(Oh, and perhaps include the IP address that the password request was made from and send that with the email as well)

This is the system that I have on my self-service image randomizer service (also coded with ASP; password is also 1-way encrypted). I also have a sort of limit on the # of password requests that can be made on an account before its next login (not sure if you have that here). It wasn't too hard to code, and it's been working quite well :)


-------------
http://www.random-image.net - Image Randomizers :P

^ Live stats :D ^
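
The flow proposed in the post above, sketched as an added example; it is not Web Wiz Forums code and not the poster's ASP code. Storing only a hash of the key, the one-hour expiry and the limit of three requests are assumptions beyond the post, and `ResetStore` and its method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600   # assumption: emailed link expires after one hour
MAX_REQUESTS = 3   # assumption: requests allowed per account before next login


class ResetStore:
    """In-memory stand-in for the table of pending reset requests."""

    def __init__(self):
        self.pending = {}    # username -> (SHA-256 of key, expiry time)
        self.requests = {}   # username -> requests since last login

    def request_reset(self, username, now=None):
        """Steps 1-2: issue a key; the current password is left untouched."""
        now = time.time() if now is None else now
        if self.requests.get(username, 0) >= MAX_REQUESTS:
            return None  # limit reached, no new key and no email
        self.requests[username] = self.requests.get(username, 0) + 1
        key = secrets.token_urlsafe(16)  # 128 random bits from the OS CSPRNG
        digest = hashlib.sha256(key.encode()).digest()
        self.pending[username] = (digest, now + TOKEN_TTL)
        return key  # placed in the emailed URL only; the table holds the hash

    def close_request(self, username, key, now=None):
        """Link followed: change password or cancel. Either way the entry is
        deleted, so a key works once. Returns True if username/key matched."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(key.encode()).digest()
        if not hmac.compare_digest(digest, supplied) or now >= expiry:
            return False
        del self.pending[username]
        return True

    def login_succeeded(self, username):
        """A normal login resets the per-account request counter."""
        self.requests.pop(username, None)
```

A second request for the same account replaces the earlier key, so only the most recently emailed link is valid.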


