I have an online registry of professionals with about 300 members. These are smart people, but non-technical. Currently, if somebody forgets their email address, the system resends it to the email address they registered with.
The problem is that people change their email addresses over time, then forget their password, and can't receive the reminder.
I need to come up with a simple authentication system that allows people to recover their passwords even if they have changed email address.
I'm struggling to come up with anything that is even moderately secure that doesn't require the user's email address.
Can anyone suggest anything?
Keep their mobile numbers for SMSing -- those might change less often or at least not in tandem with email addresses.
Also consider handling this case via manual support if the user base is only 300; but if you do so, don't forget to be diligent in whatever your manual verification method is. :)