security - Forgot Password functionality -
i have searched , viewed of other questions , answers implementing forgot password functionality on website.
however, have unique situation. when user registers , business relationship , uses company-based email main email account, how can implement forgot password scheme if no longer work company , can't access account?
we send email reset link primary email account. not have secondary business relationship , not want them able come in email address send link to.
is there easy scheme whereby can have user come in info , taken page can allowed alter email address send reset link? btw, not want use/store security questions.
how has kind of thing been done before? can't see sites because of them require send email user's account.
if don't want require alternate email, or security question(s), or sms/cell phone number user on signup you'll stuck users have orphaned accounts.
here's try, users still forget print out or not care.
when user signs up, give them 1 time utilize "secret token" (basically serial number) tell them print out , maintain safe allow them utilize "secret token" reset email address once verify new email address, remove old "secret token" , send them new one security passwords change-password
No comments:
Post a Comment