
Password Recovery Mechanism

A website with a membership feature will (or should!) have a password recovery feature. In most cases the mechanism is much the same, something like this:

  • The user visits the password reminder request page.
  • They fill in an account-related field: a username, an email address, or a combination of both.
  • If the data is recognized, a confirmation email is sent to the user's email address.
  • The user receives the email and confirms whether they want to reset or retrieve the password.
  • If they really want to, they follow a link and the password is reset. The website then sends a newly generated password, or the original password (depending on the website's software).

Of course, that's not always the exact order, but there are usually similar steps: request, validate, and confirm.

But today I got a different story, and I think it's pretty weird. I got an email telling me that my password had been reset. In short: my password was changed even though I did not request a change or reset of my account password. See the problem here?

This is a nightmare, because anyone who knows a member's username or email address can abuse the account by changing that user's password in the system. Bad. Bad. Bad. This is wrong. Really wrong.
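To make the difference concrete, here is an added example (not code from the original post or from any site it describes) contrasting the flawed flow the post complains about, where the request step alone overwrites the password, with the request/validate/confirm flow outlined above. Everything is constructed for the example: the in-memory user table, token table and mail "outbox", the `example.invalid` link, the 15-minute token lifetime, and the stdlib PBKDF2 password hashing (a real application would typically use argon2 or bcrypt).

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: a reset link is valid for 15 minutes

# Constructed in-memory stand-ins for the user table, the token table and the
# outgoing mail queue, so the example runs offline.
USERS = {}          # email -> (salt, pbkdf2 digest)
RESET_TOKENS = {}   # sha256(token) -> {"email": ..., "expires": ...}
OUTBOX = []         # dicts describing the mails that "would be sent"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (stdlib only, to keep the example self-contained)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def register(email, password):
    USERS[email] = hash_password(password)


def verify_password(email, password):
    record = USERS.get(email)
    if record is None:
        return False
    salt, expected = record
    _, actual = hash_password(password, salt)
    return hmac.compare_digest(actual, expected)


def flawed_request_reset(email):
    """The behaviour the post describes: the request step alone overwrites the
    password and mails the new one, so anyone who knows the address can lock
    the real owner out without ever proving control of the mailbox."""
    if email not in USERS:
        return False
    new_password = secrets.token_urlsafe(12)
    USERS[email] = hash_password(new_password)
    OUTBOX.append({"to": email, "body": f"Your new password is {new_password}"})
    return True


def request_reset(email, now=None):
    """Steps 1-3: record a single-use, expiring token and mail a confirmation
    link. The password itself is NOT touched here."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        # store only a hash of the token, so a leaked table cannot be replayed
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[token_hash] = {"email": email, "expires": now + TOKEN_TTL_SECONDS}
        OUTBOX.append({"to": email,
                       "body": f"https://example.invalid/reset?token={token}"})
    # identical reply whether or not the address exists, so the form does not
    # reveal which addresses are registered
    return "If that address is registered, a confirmation link has been sent."


def confirm_reset(token, new_password, now=None):
    """Steps 4-5: only a valid, unexpired token presented by whoever received
    the mail changes the password. Returns True on success."""
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(token_hash, None)  # single use: gone after one attempt
    if entry is None or now > entry["expires"]:
        return False
    USERS[entry["email"]] = hash_password(new_password)
    return True


def last_mailed_token():
    """Helper standing in for the user clicking the link in the latest mail."""
    return OUTBOX[-1]["body"].split("token=", 1)[1]


if __name__ == "__main__":
    register("alice@example.com", "old-password")
    request_reset("alice@example.com")
    print("password untouched after request:", verify_password("alice@example.com", "old-password"))
    print("confirm with mailed token:", confirm_reset(last_mailed_token(), "new-password"))
    print("token reuse rejected:", not confirm_reset(last_mailed_token(), "again"))
```

The three checks that matter are visible in `confirm_reset`: the token must exist, it must not have expired, and it is consumed on first use. The request handler is deliberately boring: it never changes account state, which is exactly what the flow in the post got wrong.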
