[Cosmo-dev] "Forgot Password" workflow
Travis Vachon
travis at osafoundation.org
Thu Feb 15 10:06:52 PST 2007
Ahh, good call, I forgot about that.
Yeah, in that case, substitute "sends reset email" for "sends password".
-Travis
On Feb 15, 2007, at 6:44 PM, Randy Letness wrote:
> Travis Vachon wrote:
>> Hi folks
>>
>> I'm starting work on bug 7709: implement "forgot password"
>> workflow. The basic idea is that we'll have a way to recover lost
>> passwords via a link on the login page.
>>
>> There are a couple different ways of implementing this, which I've
>> seen in various forms in different spots on the web:
>>
>> 1) User enters username, service sends password to email address
>> registered for that username
>> 2) User enters email address, service sends password (and
>> username?) to that email address if and only if a user associated
>> with that address exists
>
> When you say "send the password", what do you mean? All we have is
> a hash. Do you mean setting it to some random password and sending
> that to the user? It seems like we need a step in between, like:
>
> 1. User enters email address
> 2. service sends email asking if user wants to reset
> 3. user clicks on link in email to reset
>
> Is that what you are talking about?
>
> -Randy
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
More information about the cosmo-dev
mailing list