Home
ASP.NET Forums » General ASP.NET » Security » A question about Passwordrecovery wizard

A question about Passwordrecovery wizard

Last post 04-08-2009 12:30 PM by shehzad.chhipa. 1 replies.

Sort Posts:

  • A question about Passwordrecovery wizard

    04-08-2009, 10:12 AM
    • Member
      32 point Member
    • elshorbagy
    • Member since 08-15-2008, 12:48 PM
    • Posts 59

     Hello,

    Users create account using membership control,and passwords are Hashed. I'm using passwordrecovery control to reset the user password if they forgot it by asking them for email.

    The problem is that if I know someone's email, I can rest their password. I want the passwordrecovery to send an email with a link to the user. And when the user clicks on the link the password changed. I don't want to use the secret question method. Any help???

    Thank you

    Get the maximum security with Kaspersky Internet Security 2010 http://notechsoft.com/security.asp?p=3

  • Re: A question about Passwordrecovery wizard

    04-08-2009, 12:30 PM
    • Member
      40 point Member
    • shehzad.chhipa
    • Member since 04-07-2009, 3:38 PM
    • Ahmedabad, Gujarat, India
    • Posts 10

    Hello,

    The password recovery wizard also asks you to provide the secret answer for the question you provided during user creation.

    So just knowing the email wont work for recovering password, and so it's quite safe.

    Regards,

    MSP Sig
Page 1 of 1 (2 items)
RSS Available

Contact | Advertise | Issue Management by Axosoft's OnTime | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.