Vault of Knowledge - A place where I take notes

T

Toggle Directory Tree Pane

Toggle Table of Contents Pane

x

Retro Emulation

Money

Image Colour Appearance Models

Printers

Sound Engineering

Metaphysics

Combustion

Aeronautical Engineering

Astronautical Engineering

Vehicles

Abstractions of Electronics Engineering

Strength to Weight Ratio

Mechanical Manufacturing

VPS Security

Generative Modelling Language

Flutter Tools

Chrome Extensions

AR Frameworks

NumPy
SciPy

RAID

GNU's Not UNIX

Smartphones

Temperature

Spintronics

Dynamic Range

Standards Organizations

Placeholder Note

Placeholder Note

India Pakistan Current Affairs

Russo-Ukraine Conflict

Why Conservative Arguments are Loaded

Index of Studying Social Problems

Trying to Understand Family Trees

Placeholder Note

Knitting and Crocheting

Do Martial Arts Like Tai Chi Work

Sailing

Scuba Diving

Audiophile Stuff

Timeline of Geological History

Using Jira

For Visual Content

Home / 🔮 world building / science and engineering / information and communication technology / information security / Password Reset Mechanism

Password Reset Mechanism

Password Reset Mechanism

Tips:

Optional: Challenge question
Optional: 2FA for reset too
Reset only after confirmation
Use captcha
Password reset link with embedded GUID with expiry
Delete token after reset
Include reset warning in email
Only allow reset by email
Send email after reset too
Monitor cancellations
Use HTTPS

NOTE: Email is not E2EE. SMTP-TLS is E2EE between a user and a server, not between users. Signal protocol, for example is.

More (similar) info: https://www.troyhunt.com/everything-you-ever-wanted-to-know/

Left-click: follow link, Right-click: select node, Scroll: zoom

x