[thelist] hashing stored passwords (revisited)

David Dorward evolt at david.us-lot.org
Wed Jun 25 15:40:10 CDT 2003


On Wed, Jun 25, 2003 at 04:11:55 -0400, ted serbinski wrote:
> The only question I have with hashing a password is, what if a user forgets
> his/her password?

> So how do you guys get around this?

Provide a form for the user to enter their email address. Generate a
random key and email it to them. Give them access to a "set a new
password" prompt when they enter that key (by following the link in
the email).

-- 
David Dorward                                     http://david.us-lot.org/
         Redesign in progress: http://stone.thecoreworlds.net/
  Microsoft announces IE is dead (so upgrade):
http://minutillo.com/steve/weblog/2003/5/30/microsoft-announces-ie-is-dead


More information about the thelist mailing list