Quote:
Originally posted by Lane
generate the new pass.. encrypt in with a one-way algorithm, put it in the database, and also email it to them (or display it on the page or whatever) .. there you have it, you have given them the new pass and its also one-way encrypted in the database.. they now need to enter the new pass to be able to change it to something else..
thats the common way of doing it
...or during the reset process, you can have them choose what pass to reset it to..
|
thanx lane i will do that.. just allow them to change it o a familiar password once they log in