
Difference between revisions of "Forgot Password Cheat Sheet"

m (Created page with "= Introduction = This article provides a simple model to follow when implementing a "forgot password" web application feature.<br> = Steps = == 1) Gather Identity Data == ...")
 
m (Related Articles)
Line 16: Line 16:
 
= Related Articles  =
 
= Related Articles  =
  
OWASP - [| Fishnet Security Secure Forgot Password http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf]  
+
Fishnet Security - [Secure Forgot Password - http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf]  
  
 
{{Cheatsheet_Navigation}}
 
{{Cheatsheet_Navigation}}
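
Review bot: The added Related Articles line still puts the label ahead of the URL inside the single brackets ("[Secure Forgot Password - http://...]"), and MediaWiki external links need the URL first, followed by a space and the label, so this will display as literal bracketed text, as the rendered revision text further down the page shows. Suggest writing it as "Fishnet Security - [http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf Secure Forgot Password]". Correcting the attribution from OWASP to Fishnet Security and dropping the stray "|" are both fine.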

Revision as of 06:13, 1 March 2011

Introduction

This article provides a simple model to follow when implementing a "forgot password" web application feature.


Steps

1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow user to change password

Related Articles

Fishnet Security - [Secure Forgot Password - http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf]

OWASP Cheat Sheets Project Homepage


Authors and Primary Editors

Jim Manico - jim[at]owasp.org