[nycphp-talk] online password replacement
Dan Cech
dcech at phpwerx.net
Fri Mar 5 15:27:55 EST 2004
Allen Shaw wrote:
> Hi All,
>
> I wonder if anyone here has experience implementing a lost-password-recovery
> function on a login-based website. We're soon to be opening up our
> membership database to allow each individual to edit his or her own records.
> Naturally we have a login system in place, which our core staff is already
> using to access the database, but as of now any lost passwords would be
> replaced manually by the administrator. If we open it to hundreds of people
> that will be too much to handle, so I need to develop a way for people to do
> it themselves (probably using an email address on file). I'm sure I can
> create something that works, but I'm not confident yet to create something
> that both works and is fairly secure.
>
> I googled around but couldn't find fruitful keywords. Anybody have some
> recommendations on how best to handle this feature, or some place on the Web
> to look around?

A fairly standard approach is to simply generate a new random password
and send it to the email address you have on file.

If you have additional data about your clients on file you may be able
to implement a system which used that data to authenticate the client,
either then allowing them to change their password online or request a
new password be sent to their stored email address.

Dan
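
The first approach from the reply above (random password, mailed to the address on file), as an added PHP example that is not part of the original thread. The in-memory `$users` array, the `must_change` flag, the function names and the sample account are assumptions made for illustration; it needs PHP 7 or later for `random_int()`.

```php
<?php
declare(strict_types=1);

// Alphabet without look-alike characters (0/O, 1/l/I) so a mailed password can be retyped.
const PW_ALPHABET = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

/** Build a random password from the CSPRNG; rand()/mt_rand() output is predictable. */
function generate_password(int $length = 16): string
{
    $max = strlen(PW_ALPHABET) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= PW_ALPHABET[random_int(0, $max)];
    }
    return $password;
}

/**
 * Replace the password of the account matching $login.
 * Returns the mail to send, or null when no such account exists.
 * $users is a hypothetical in-memory stand-in for the membership table.
 */
function replace_password(array &$users, string $login): ?array
{
    if (!isset($users[$login])) {
        return null; // caller shows the same confirmation page either way
    }
    $plain = generate_password();
    // Store only a salted hash; the plaintext exists just long enough to be mailed.
    $users[$login]['password_hash'] = password_hash($plain, PASSWORD_DEFAULT);
    $users[$login]['must_change'] = true; // assumed flag: force a new choice at next login
    return [
        'to'      => $users[$login]['email'], // always the stored address, never form input
        'subject' => 'Your new password',
        'body'    => "A new password was requested for your account.\n"
                   . "Temporary password: {$plain}\n"
                   . "You will be asked to choose a new one after logging in.\n",
    ];
}

// Constructed sample data.
$users = ['member1' => ['email' => 'member@example.org', 'password_hash' => '', 'must_change' => false]];

$mail = replace_password($users, 'member1');
// A real site would hand this to its mailer: mail($mail['to'], $mail['subject'], $mail['body']);
echo "Would send to {$mail['to']}:\n{$mail['body']}";
preg_match('/Temporary password: (\S+)/', $mail['body'], $m);
var_dump(password_verify($m[1], $users['member1']['password_hash'])); // mailed value matches stored hash
var_dump(replace_password($users, 'nobody'));                         // unknown login yields no mail
```

Because the request itself overwrites the stored hash, anyone who knows a login name can lock that member out until the mail arrives, so the request form is worth rate limiting.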