Forgot password templates or methods? Template names?

A friend of mine just posted a question on Buzz:

When you click "Forgot Password" on most pages, they will send you an email with a link (most of the time it expires after some time) before resetting your pass. In most cases, the link includes something like a UUID. Is there a name for this technique? Creating a valid URL / link? The way I do this is just generating a UUID or something simpler and doing all the obsolete things programmatically. I wonder if there is a name for this kind of technique?

After reading his question, I am now interested in learning about this: has this method already been named, or, better, is it already considered a template by the global community?

+6
design-patterns login forgot-password
3 answers

You can call this self-service password reset with an authentication token.


Resources:

+3

I believe the name of the user interface template is "Password reset template" or "Forgot password."

One of the worst implementations is answering a “security” question to reset your password, because these are really insecure, as the link that Colin Hebert points to explains.

One of the best implementations is Amiando, which asks for the user's email address and new password, and then sends an email confirmation to confirm the new password. Learn more on this blog.

It is very important that the user confirms their identity through e-mail or other personal media, such as SMS on a mobile phone (less common).

Other examples of implementations of this template are here.

+2

This is the basic template that I use in my application:

  • The user enters a username or email address and clicks "Reset Password".
  • A one-time token URL is sent by email to this user (this may expire in a few hours).
  • The user must click the link in the email.
  • Then, upon confirmation, the user is sent an email with a randomly generated password.

They can then log in using this password or change it after logging in (optional).

I think this is the best in terms of security, and also easy to use for the end user.

0
