We need to provide a way to reset password for users who are using our website. The typical way is to send email to the user and ask to click on the link to reset.
The issue is that we don't want to run a mail server just for the purpose of resetting password. Is there other clever way of reseting password without having to mail the user?
EDIT: This is for users who forgot their passwords.
You need some way to validate the user's identity to prevent other people resetting the password. Perhaps you could get them to set up some questions (like mother's maiden name, favourite colour) when they sign up. They can only reset their password if they correctly answer the questions.
You can immediately expire their current password and require them to change it next time they login. A couple of password reset systems do this.
EDIT: Since this is for users that forgot their password rather than a forced change, you should just take them directly to the link you would have emailed them anyway when they forgot their password. Make them enter an e-mail address they registered with and some other data you can validate with. Basically, what the other answers said.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With