Message Board
| Message Board > Malarkey > Resending Lost Passwords |
| October 25, 2005, 13:39 | |
|
PEader
お前はもう死んでいる 1486 posts 
|
Wehn dealing with a web site and you've forgotten your password, which do you prefer: 1.)Password resent to original email registered with 2.)New Password generated and sent to registered email address ____________ I see 57,005 people. |
| # | |
| October 25, 2005, 13:48 | |
|
Frimkron
Frustrated Megalomaniac 703 posts 
|
The first one isn't an option as they're all MD5'd in the database. Do we not have a forgotten password feature yet? If not I'll add it to the list. ____________ |
| # | |
| October 25, 2005, 15:13 | |
|
PEader
お前はもう死んでいる 1486 posts
|
Quoting Frimkron: The first one isn't an option as they're all MD5'd in the database. Do we not have a forgotten password feature yet? If not I'll add it to the list. I'm talking about in general, not for Boolean Soup. ____________ I see 57,005 people. |
| # | |
| October 25, 2005, 15:29 | |
|
PB
Defender of the faith 630 posts 
|
In general I'd prefer to be sent my original password, because otherwise my password is gone when someone else is requesting my password. And if someone reads my mail to find out what my password is, they'd find out anyway (only then they have an other password then I'd originally register).
____________ |
| # | |
| October 25, 2005, 15:40 | |
|
PEader
お前はもう死んでいる 1486 posts
|
The problem isn't necessarily the reading of your email but the sending of a password in an unencryppted format over the internet.
____________ I see 57,005 people. |
| # | |
| October 25, 2005, 15:51 | |
|
DTM
Earthling! 821 posts 
|
Quote: In general I'd prefer to be sent my original password, because otherwise my password is gone when someone else is requesting my password. Send a link to reset the MD5-ed password. With an ignore/report message if its not you. ____________ :o |
| # | |
| October 25, 2005, 18:02 | |
|
Frimkron
Frustrated Megalomaniac 703 posts
|
Couldn't that link be used to bugger up someone else's account?
____________ |
| # | |
| October 25, 2005, 18:08 | |
|
PEader
お前はもう死んでいる 1486 posts
|
Quoting Frimkron: Couldn't that link be used to bugger up someone else's account? You store an md5 value or otherwise in the get values of the link so it will only apply to one account. There are numerous ways to do it. Usually I generate and store a unqiue value in the database (when the new password is requested) for the user and then md5 it with something else in the user table. Then when the user clicks the link validate the md5 is the same. [Edited on October 25, 2005 by PEader] ____________ I see 57,005 people. |
| # | |
| October 26, 2005, 13:36 | |
|
Fiona
games are terrible -9616558 posts 
|
I'll just do what I do for FSBoard which is: 1) Supply username. 2) Link is set to e-mail with a seperate code in the e-mail. 3) You enter the code nabbed from the e-mail into a form. 4) It then asks you want your new password to be. ____________ laffo |
| # | |
| October 26, 2005, 14:23 | |
|
Frimkron
Frustrated Megalomaniac 703 posts
|
Ingenius
____________ |
| # | |
Message Board > Malarkey > Resending Lost Passwords