Enabling users to recover forgotten passwords stresses the difficult balance between security and usability. On one hand, the site must ensure that password recovery cannot be abused by hackers to gain access to a victim’s account. On the other hand, the recovery mechanism cannot be too burdensome for users or else they may abandon the site. On the third hand (see, this is complicated), password recovery inevitably relies on trusting the security of e-mail.

Secret questions (What is your quest? What is your favorite color?) can serve as barriers to having a password recovery link e-mailed. Do not rely on secret questions to prove identity; they tend to have less entropy than passwords. Being able to reset a password based solely on answering questions is prone to brute force guessing. Requiring access to e-mail to receive the recovery link is a stronger indicator that only the legitimate user will receive the link.

Use strong pseudo-random values for recovery tokens. This means using cryptographic pseudo-random number generation functions as opposed to system functions like srand(). Do not use the hash of a property of the user’s account (e.g.
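The recovery-token guidance above, worked through as an added example (this is not code from the original text): tokens come from the operating system's cryptographic random source rather than a seeded system generator, only a digest of each token is stored so a leaked table yields no usable links, and each token is single-use and short-lived. The class name, the 15-minute lifetime and the injectable clock are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Assumed lifetime for a recovery link; short windows limit the value of
# any token that leaks from a mailbox or a log.
TOKEN_TTL_SECONDS = 15 * 60


class RecoveryTokenStore:
    """Issues and redeems password-recovery tokens (illustrative name).

    The clock is injectable so expiry can be exercised deterministically.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        # digest of token -> (user_id, expiry timestamp)
        self._pending = {}

    def issue(self, user_id):
        # secrets draws from the OS CSPRNG; srand()/rand() style generators
        # are seeded from small, guessable state and must not be used here.
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, URL-safe
        digest = hashlib.sha256(token.encode("ascii")).hexdigest()
        self._pending[digest] = (user_id, self._clock() + TOKEN_TTL_SECONDS)
        # The raw token goes only into the e-mailed link; the store keeps
        # just its digest, so a database leak does not hand out live links.
        return token

    def redeem(self, token):
        """Return the user_id the token was issued for, or None."""
        digest = hashlib.sha256(token.encode("ascii")).hexdigest()
        # pop() makes the token single-use whether or not it is still valid;
        # a dict lookup keyed on the digest of a 256-bit random token leaks
        # nothing useful through timing.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return user_id


def demo():
    """Exercise issue/redeem with a controllable clock (constructed input)."""
    now = [1_000_000.0]
    store = RecoveryTokenStore(clock=lambda: now[0])
    first = store.issue("alice")
    second = store.issue("alice")
    results = {
        # two requests for the same account never yield the same token,
        # which a hash of an account property could not guarantee
        "tokens_differ": first != second,
        "redeem_ok": store.redeem(first) == "alice",
        "replay_rejected": store.redeem(first) is None,
    }
    now[0] += TOKEN_TTL_SECONDS + 1
    results["expired_rejected"] = store.redeem(second) is None
    results["unknown_rejected"] = store.redeem("no-such-token") is None
    return results


if __name__ == "__main__":
    print(demo())
```

Because redeem() pops the entry before checking expiry, an expired token is also consumed, so a late attempt cannot be retried after the clock is rolled forward or a second link is issued; the e-mailed link simply has to be requested again.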