Difference between revisions of "Password reset strategy"
From DarkWiki
(Created page with "==Introduction== As part of standard operating procedure, the system needs to help users who have forgotten their password or user id in a simple and secure fashion, without...") |
(→Process) |
||
| Line 9: | Line 9: | ||
* The user has forgotten their '''user name''', or | * The user has forgotten their '''user name''', or | ||
* The user has forgotten their '''password'''. | * The user has forgotten their '''password'''. | ||
| + | |||
| + | We do not need to care about which piece of information they have forgotten. We will use their registered email address to send them a link allowing them to set their password. | ||
| + | |||
| + | * Users do not like automatically generated passwords | ||
| + | * Sending a new password or a one-time password in an email is insecure | ||
| + | * The password reset link inside the email will only be used: | ||
| + | ** For a short period of time (e.g. 48 hours) | ||
| + | ** Until such time as the password has been reset | ||
| + | * The password reset link will be secure, and any modification must be detectable | ||
| + | ** The user's mailbox may be compromised in the future; the link must not be modifiable (e.g. by changing the username, timestamp etc) | ||
Revision as of 14:46, 10 August 2017
Introduction
As part of standard operating procedure, the system needs to help users who have forgotten their password or user id in a simple and secure fashion, without any interaction of support staff.
Process
There are two possible initiators:
- The user has forgotten their user name, or
- The user has forgotten their password.
We do not need to care about which piece of information they have forgotten. We will use their registered email address to send them a link allowing them to set their password.
- Users do not like automatically generated passwords
- Sending a new password or a one-time password in an email is insecure
- The password reset link inside the email will only be used:
- For a short period of time (e.g. 48 hours)
- Until such time as the password has been reset
- The password reset link will be secure, and any modification must be detectable
- The user's mailbox may be compromised in the future; the link must not be modifiable (e.g. by changing the username, timestamp etc)
