What is the best way to implement the forgot password functionality?

stbuchok

Allow them to click a button that sends them an email. In that email is a link to a page that allows them to change their password. There should be a GUID of some kind in the querystring that identifies that user and is only valid for a certain period of time.

No passwords in your database should be unhashed, which is why you shouldn't be able to email the password to them and why they need to reset it.

Another way is for you to delete their old password and create a new one for them and email the new one to them and let them know that they should log in and change it ASAP. These should still be hashed and should be completely random when you create them.
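
The time-limited reset link described in the answer above, as an added example that is not part of the original post. It assumes a random token from Python's `secrets` module in place of a GUID, a 30-minute lifetime, single use, and an in-memory dict standing in for the database table; all names and the example.com URL are hypothetical.

```python
import hashlib
import secrets
import time
from typing import Optional

# Assumed validity window; the post only says "a certain period of time".
TOKEN_TTL_SECONDS = 30 * 60

# Stand-in for a database table (hypothetical schema):
# token_hash -> (user_id, expires_at)
reset_tokens = {}


def hash_token(token: str) -> str:
    # Only the hash is stored, so a leaked table cannot be replayed as reset links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(user_id: str, now: Optional[float] = None) -> str:
    """Create a one-time token for user_id and return it for the emailed link."""
    now = time.time() if now is None else now
    # A new request invalidates any token still outstanding for this user.
    for stale in [h for h, (uid, _) in reset_tokens.items() if uid == user_id]:
        del reset_tokens[stale]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    reset_tokens[hash_token(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user_id if the token is valid and unexpired, else None."""
    now = time.time() if now is None else now
    # pop() makes the token single-use: a second click finds nothing.
    record = reset_tokens.pop(hash_token(token), None)
    if record is None:
        return None
    user_id, expires_at = record
    if now > expires_at:
        return None
    return user_id


def build_reset_link(token: str) -> str:
    # example.com and the /reset path are placeholders.
    return "https://example.com/reset?token=" + token
```

The page that handles the link would call `redeem_reset_token` and only then accept a new password, which is stored hashed like any other.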
