[Cosmo-dev] "Forgot Password" workflow
Randy Letness
randy at osafoundation.org
Thu Feb 15 09:44:28 PST 2007
Travis Vachon wrote:
> Hi folks
>
> I'm starting work on bug 7709: implement "forgot password" workflow.
> The basic idea is that we'll have a way to recover lost passwords via
> a link on the login page.
>
> There are a couple different ways of implementing this, which I've
> seen in various forms in different spots on the web:
>
> 1) User enters username, service sends password to email address
> registered for that username
> 2) User enters email address, service sends password (and username?)
> to that email address if and only if a user associated with that
> address exists

When you say "send the password", what do you mean? All we have is a
hash. Do you mean setting it to some random password and sending that
to the user? It seems like we need a step in between, like:

1. User enters email address
2. Service sends email asking if user wants to reset
3. User clicks on link in email to reset

Is that what you are talking about?

-Randy
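
The three-step flow outlined in the reply above, sketched as an added example (not part of the original message and not Cosmo code): the emailed link carries a random single-use token, the service keeps only its digest with an expiry, and the stored password hash is untouched until the link is used. The names `ResetService`, `request_reset` and `redeem`, the 30-minute lifetime and the in-memory stores are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 30 * 60  # assumed lifetime of a reset link, in seconds


def _digest(token: str) -> str:
    # Only the digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """Hypothetical in-memory model of the email-link reset flow."""

    def __init__(self, users, now=time.time):
        self.users = users   # email -> password hash (constructed sample data)
        self.pending = {}    # token digest -> (email, expiry timestamp)
        self.outbox = []     # (email, token) pairs standing in for sent mail
        self.now = now

    def request_reset(self, email: str) -> str:
        # Steps 1 and 2: mail a link only if the address is registered, but
        # return the same message either way so the form does not reveal
        # which addresses have accounts. The password is not changed here,
        # so a third party typing in the address cannot lock the user out.
        if email in self.users:
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (email, self.now() + TOKEN_TTL)
            self.outbox.append((email, token))
        return "If that address is registered, a reset link has been sent."

    def redeem(self, token: str, new_password_hash: str) -> bool:
        # Step 3: the link is single-use (pop) and rejected after expiry.
        entry = self.pending.pop(_digest(token), None)
        if entry is None:
            return False
        email, expiry = entry
        if self.now() > expiry:
            return False
        self.users[email] = new_password_hash
        return True
```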