Posted by Gordon Burditt on 11/15/77 11:50
>I the system I had in mind did involve 'resetting' password, I just wanted
>some ideas on how best to implement it and the associated risks.
Keep in mind that a "forgotten password" link can be used to mail-bomb
a user with emails giving them links to reset the password, regardless
of whether anyone ever knows or tries to use the password ever
again.
If you're emailing the user a link to use to reset his password,
keep in mind several things:
- The link should expire after a relatively short period of time (e.g. 3 days)
- You should limit the number of such active links at a time for any one
user (but the limit probably shouldn't be *1*, as the first one may get
lost in the user's spam filter).
- Use good random numbers as identifiers for the link, preferably not based
on the time the "forgot password" link was clicked and not based on
user personal information.
- The link should expire immediately if it is used successfully.
Gordon L. Burditt
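The four rules in the post, as an added example that is not from the original thread: a hypothetical in-memory token store (a real site would persist it and also rate-limit the "forgot password" form itself).

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3 * 24 * 60 * 60   # links expire after 3 days
MAX_ACTIVE_PER_USER = 3                 # more than 1, in case the first mail is lost


class ResetTokenStore:
    """In-memory store of outstanding password-reset tokens (assumed design)."""

    def __init__(self, clock=time.time):
        self._clock = clock              # injectable clock, used to test expiry
        self._tokens = {}                # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable links
        return hashlib.sha256(token.encode()).hexdigest()

    def _purge_expired(self, now):
        self._tokens = {h: v for h, v in self._tokens.items() if v[1] > now}

    def active_count(self, user):
        self._purge_expired(self._clock())
        return sum(1 for u, _ in self._tokens.values() if u == user)

    def issue(self, user):
        """Return a fresh token for the link, or None if the user already has
        MAX_ACTIVE_PER_USER live links (the web form should show the same
        generic message either way)."""
        now = self._clock()
        if self.active_count(user) >= MAX_ACTIVE_PER_USER:
            return None
        token = secrets.token_urlsafe(32)   # CSPRNG, not time- or user-derived
        self._tokens[self._digest(token)] = (user, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the user if the token is valid and consume it; else None."""
        now = self._clock()
        self._purge_expired(now)
        entry = self._tokens.pop(self._digest(token), None)   # single use
        return entry[0] if entry else None
```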