This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Forgot Password Cheat Sheet

From OWASP
Revision as of 06:13, 1 March 2011 by Jmanico (talk | contribs) (Related Articles)

Jump to: navigation, search

Introduction

This article provides a simple model to follow when implementing a "forgot password" web application feature.


Steps

1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow user to change password

Related Articles

Fishnet Security - [Secure Forgot Password - http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf]

OWASP Cheat Sheets Project Homepage


V - T - E Cheat Sheets
Developer / Builder
Assessment / Breaker
Mobile
OpSec / Defender
Draft and Beta
All Pages In This Category

Authors and Primary Editors

Jim Manico - jim[at]owasp.org

Retrieved from "https://wiki.owasp.org/index.php?title=Forgot_Password_Cheat_Sheet&oldid=105968"