Hi all ,
I was wondering is there is a way of implementing forgot password functionality without sending email to the user. My application uses registration and authentication via database.Therefore, I didn’t want to implement email confirmation of registration at this stage. Does anybody has a pointer on this matter?
Thanks in advance.
Well, for it to be possible at all depends on what method you used to hash your passwords. This is often one-way encryption so you won’t be able to display the password to the user.
In this case you need to change the password.
Regardless of the above, without emailing the user you would need some kind of password hint that the user must enter. You’ll have seen this before, like “what was the name of your first pet?”.
For security’s sake though, I would stick to the email method.
Thanks outrage,
I would probably need to implement registration confirmation via email so that I can incorporate password hint question and answer and reset the password. Again thanks for your insight on this issue.