English 中文(简体)
重新定型密码功能的特点(一波克、一用、24小时、?)
原标题:Features of reset password functionality (one-click, one-use, 24 hours, ???)

我们重新树立了一个特点,使用户能够在无法利用其账户时重新撰写其密码。 我们要求他们的电子邮件地址(他们用来向现场进行伐木),寄给他们一个具有独特联系的电子邮件。

问题是:

  1. Should the link expire on first-click or should the link expire on first-use (ie, they reset their password successfully)?
  2. Should the link have 24 hour validity (or something similar)?
  3. Should the user be logged in after he clicks that link?
最佳回答
  1. The link should expire after they have reset their password successfully. If somehow the user ended up needing guidance on a password reset and wanted to return later, they should be able to.
  2. That being said the reset should expire eventually, 48 hours?
  3. Yes they should be logged in after a password reset, otherwise there is another frustrating step in the way of your user doing what they came to do on your site.
时间:2011-06-04 02:00:37
问题回答

  1. 链接应在密码改动后到期。 如果你在第一次点击线上过期,这会造成问题。 我要说的是,我是坏的互联网连接,而一页的 did子完全是我的浏览器。 我重新上下页,说链接已经过期。 我很高兴看到这一点。

  2. 是的,你应当把这一联系限制在一段合理的时间。 24小时看得足够合理。 如果你不限制联系寿命,首先,你必须永远储存所生成的补贴,其次,你将这种联系维持得越长,袭击者越有可能偷窃这种联系,从而导致偷窃账户。

  3. You should let user in only after user changes his/her password. If you just log them in, they probably will decide that they don t have to change password anymore. This way they can keep logging into the system forever without ever changing/knowing their password.

时间:2011-06-04 01:59:27


上一篇:
下一篇:


相关问题
Encrypting SALTEDHASHED weblogic password in java

How to encrypt SALTEDHASHED password (used by Weblogic) in java? I need to be able to hash passwords in exactly the same way as WebLogic s authenticator does. Preferably without using WebLogic s ...

时间:2009-11-26 08:21:40 回答:1 展示:1
Should I support Unicode in passwords?

I would like to allow my users to use Unicode for their passwords. However I see a lot of sites don t support that (e.g. Gmail, Hotmail). So I m wondering if there s some technical or usability ...

时间:2009-11-25 15:39:36 回答:10 展示:1
Why does my method return a null password?

I have two classes: a Generator class and a SystemManagement class. The Generator class, I can generate a password. The SystemManagement class imports Generator (from another package) and includes ...

时间:2009-11-20 14:52:33 回答:5 展示:1
How to mask password in c?

In C, I want to display every single character that the user type as * (Ex, Please type in your password: *****) I m searching around but can t be able to find a solution for this. I m working on ...

时间:2009-11-18 06:16:19 回答:4 展示:1
MySQL password function

Is it considered good or bad practice to use MySQL s password function to hash passwords used by an application? I can see pros and cons. I m curious if there is a general consensus on whether it is ...

时间:2009-11-17 19:24:02 回答:4 展示:1
How should I store a user s LDAP password in a cookie?

So I have this black box authentication method, handed down to me from the accounts people, which basically amounts to ldap_bind($connection, $username, $password). But of course, I want my users to ...

时间:2009-11-15 10:32:59 回答:2 展示:1
Simple JAVA: Password Verifier problem

I have a simple problem that says: A password for xyz corporation is supposed to be 6 characters long and made up of a combination of letters and digits. Write a program fragment to read in a string ...

时间:2009-11-13 15:40:44 回答:5 展示:1
Password protect a simple web site

I ve got an HTML-only website (with a bit of inconsequential javascript). The static pages are generated from a photo-blogging program that I created. There are hundreds of pages and thousands of ...

时间:2009-11-10 13:40:21 回答:1 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全