Automatic login after password reset?

I'm working on a new password reset workflow on a website, and I am wondering if there are any best practices on the topic of logging in after a password reset. Once the new password has been entered by the user, should they need to click login and enter their username and new password or be automatically logged in? Personally I prefer them to log in after resetting the password so that their browser has a chance to update its saved passwords. Automatic login just seems insecure to me. Are there any other thoughts on the subject?

agabel asked Dec 30 '25 01:12

1 Answer

Basically I'd recommend having one log-in entry point to your application, although this additional log-in creates a burden on the user.

I'd say the benefits overcome this:

  • Easy to track log-in activities
  • If you want to apply some log-in rules like CAPTCHA, you will apply them in the log-in page only.
  • Browsers' password management can identify the password entered only in log-in.

Tal answered Jan 01 '26 04:01
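
A sketch of the flow the answer recommends, as an added example that is not part of the original post: completing the reset only stores the new password and redirects to the log-in page, so sessions and log-in records are created in one function. The in-memory stores, URL paths, function names and the 15-minute token lifetime are assumptions.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 15 * 60      # assumed token lifetime in seconds
users = {"alice": {"pw": None}}   # constructed sample account
reset_tokens = {}        # sha256(token) -> (username, expires_at)
sessions = {}            # session id -> username
login_log = []           # (time, username, success), written only by login()

def hash_pw(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def request_reset(username, now=None):
    """Issue a reset token; only its hash is kept server-side."""
    if username not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[digest] = (username, now + RESET_TTL)
    return token         # would be mailed to the account owner

def complete_reset(token, new_password, now=None):
    """Store the new password and return a redirect; never opens a session."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)      # pop makes the token single-use
    if entry is None or now > entry[1]:
        return "/reset?error=invalid"
    username = entry[0]
    users[username]["pw"] = hash_pw(new_password)
    # Added assumption: sessions opened before the reset are dropped.
    for sid in [s for s, u in sessions.items() if u == username]:
        del sessions[sid]
    return "/login?reset=ok"

def login(username, password, now=None):
    """Single entry point: CAPTCHA or throttling checks would also sit here."""
    now = time.time() if now is None else now
    rec = users.get(username, {}).get("pw")
    ok = rec is not None and hmac.compare_digest(hash_pw(password, rec[0])[1], rec[1])
    login_log.append((now, username, ok))
    if not ok:
        return None
    sid = secrets.token_urlsafe(32)
    sessions[sid] = username
    return sid
```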