I was wondering what would be the safer option when users have forgotten their password
Or
Aside from the fact the latter uses an extra table, what do you think is safer/better practice?
A good password reset link should last for 1 hour at most; this gives enough time for users with different browsers or devices to be able to access it. However, there are some instances when it may be beneficial to have a link that lasts longer or shorter than an hour.
So if your customer says, “I can't log in!” ask them how they accessed the sign-in page. If they are in the right place, send them a reset link. Send them the correct sign-in link if they're in the wrong place. Verify their email address to make sure they receive the password reset email.
Password reset emails are some of the most succinct emails you can send. Generally speaking, they have one goal: to help users securely re-establish access to their accounts. In most cases, that will be through sending a password reset link.
If you send an email containing the password, it means:
So, sending the password in an email doesn't seem that safe...
As a user, I would feel my password is "safer" with the link that contains some kind of token and expires after a while.
That "expires after a while" part is important, btw: it makes sure that if someone clicks on the link after some time (for instance, someone who accesses the user's mailbox), the link will not be used to generate a new password.
Of course, this means I won't be able to just "search in my mail box" to find the password -- but I can always ask for a new one if I have forgotten it again ^^
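The expiring token link this answer describes, sketched as an added example (not code from the original answer or question). The class and function names are hypothetical, the dict stands in for the extra table the question mentions, and the one-hour lifetime is the figure suggested earlier on this page.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumption: the 1-hour lifetime suggested on this page


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for the extra table from the question."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table yields no usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        # A new request cancels any older outstanding link for the same user.
        self._rows = {d: r for d, r in self._rows.items() if r[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token  # embed in the emailed link; never store it in clear

    def redeem(self, token):
        """Return the user_id for a live token, else None. Always single-use."""
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return None  # unknown, already used, or superseded
        user_id, expires_at = row
        if self._clock() > expires_at:
            return None  # expired: a stale mailbox copy is worthless
        return user_id


def demo():
    now = [1_700_000_000.0]  # constructed fake clock so expiry is reproducible
    store = ResetTokenStore(clock=lambda: now[0])
    token = store.issue("alice")
    first = store.redeem(token)   # fresh link works once
    replay = store.redeem(token)  # second click on the same link fails
    late = store.issue("alice")
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(late)  # link opened after the lifetime fails
    return first, replay, expired
```

The new password is only set after `redeem` returns a user, so nothing reusable ever sits in the mailbox.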
Rather baffled by the other answers here. They're exactly the same. Both give access to the user's account, both are sent in plain text, and both are in common use. Pick whichever you prefer.
Enforce an immediate password change once they use the link/password, and have the link/password expire after 24-72 hours.