Subject:
|
Re: change password & lost password
|
Newsgroups:
|
lugnet.admin.suggestions
|
Date:
|
Fri, 12 Apr 2002 19:14:22 GMT
|
Viewed:
|
1171 times
|
| |
|
|
In lugnet.admin.suggestions, William R. Ward writes:
> The "forgot my password" link should appear on the login page. If you
> click it, it should take you to a page where you can enter your member
> number (if you forgot *that*, then maybe a way to search by e-mail
> address or real name?). The most secure method that I'm aware of
> involves sending an e-mail to the user with a special URL that they
> can then visit to enter a new password. Once they have done so, that
> special URL is no longer valid. This way the password is never sent
> in e-mail.
How is sending a URL better than sending a password? I assume that once you
get a new password in the mail, the first thing you do is change it anyway,
right? So what's the difference?
Dan
PS. I agree that sending passwords in plaintext is bad, btw.
|
|
Message has 1 Reply:
 | | Re: change password & lost password
|
| (...) Note that when I wrote that, I didn't know you *could* change the password on LUGNET. I had previously searched for a "change password" link without success. But the URL is only good for a limited time; if you want to have it send a password (...) (22 years ago, 13-Apr-02, to lugnet.admin.suggestions)
|
Message is in Reply To:
| | change password & lost password
|
| Almost every website that uses passwords has an ability to change the password, and a "Forgot my password" link on the login screen. LUGNET doesn't (that I can find, anyway). I think this is a serious shortcoming, since the only way to get a (...) (22 years ago, 12-Apr-02, to lugnet.admin.suggestions)
|
5 Messages in This Thread:
  
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
