Posted 14/05/2010 18:52:07
I'd like to see this workflow change a bit. Right now, IF simply emails in clear text someone's private password. If a person uses the same or similar password on multiple sites, a hacker can have a field day if they manage to compromise the user's email.
Instead of sending the actual password, generate a link the user will click on to type in a new password. This will protect the original password from being discovered. You could also generate a temporary password and pass that on in an email, but a link is a little cleaner and easier for the end-user. Plus, the process forces them to re-enter a password they're going to remember.
Al Bsharah: Twitter / Blog
Aholics.com: Twitter / Facebook
Jeepaholics Anonymous Forum
Embarke.com - We Fix Online Groups
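A minimal sketch of the reset-link flow suggested in the post above, added here as an illustration; it is not part of the original post and not the forum software's own code. The function names, the one-hour lifetime, the in-memory dictionary standing in for a database table, and the example URL are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime of a reset link: one hour

# Stand-in for a database table: token digest -> (user_id, expiry timestamp)
_pending_resets = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_link(user_id, base_url, now=None):
    """Create a single-use token and return the link to email to the user."""
    now = time.time() if now is None else now
    # A new request invalidates any earlier outstanding link for this user.
    for key in [k for k, (uid, _) in _pending_resets.items() if uid == user_id]:
        del _pending_resets[key]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Only the digest is stored, so a leaked table does not yield usable links.
    _pending_resets[_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    # The email carries this link only; the existing password is never sent.
    return f"{base_url}?token={token}"


def redeem_reset_token(token, now=None):
    """Return the user_id for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    # pop() consumes the token, so a link works at most once.
    entry = _pending_resets.pop(_digest(token), None)
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None
    return user_id


if __name__ == "__main__":
    link = issue_reset_link("alice", "https://forum.example/reset")
    print(link)
    print(redeem_reset_token(link.split("token=")[1]))
```

Once `redeem_reset_token` returns a user id, the site shows the form where the user types a new password, which is then stored as a salted hash rather than in a form that could ever be emailed back.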