Apr 5, 2012, 1:40 PM
Post #2 of 2
Re: [srhadden] Handling password resetting on a web site?
[In reply to]
Your plan is the route I would probably go. If you are developing the website yourself, you will likely need to design the forgotten password code to integrate into your current system, therefore custom code would be preferable.
An alternative would be to email the user a "one time" password, which expires after say 24 hours. Upon logging in with this one time password, they are asked to provide a new password. I would also store / check the users IP upon request / on change just to be extra secure.