忘记密码:什么是实现一个忘记密码功能的最佳方法是什么? [英] Forgot Password: what is the best method of implementing a forgot password function?
问题描述
我想知道最好的方法是什么网站上创建一个忘记密码功能。我见过不少在那里,这里有几个或组合:
- 密码问题/答案(1或以上)
- 用新密码发送电子邮件
- 在屏幕上给新密码
- 通过电子邮件确认:必须点击链接来获取新密码
- 要求用户输入新的密码页
你会添加到忘记密码功能,什么样的组合或额外的步骤?我想了解一下他们是如何申请新的密码,以及如何最终得到它。
我在该密码不能被检索的主要经营;新密码必须给予/生成的。
修改我喜欢柯瑞说一下,如果用户名存在不显示,但我想知道什么,而不是显示。我想一半的问题是用户忘记了所使用的电子邮件地址,这显示某种不存在的消息是非常有用的。任何解决方案?
- 我个人发送一封电子邮件,链接到一个短期的页面,让他们设置新密码。使页面名称某种UID的。
- 如果不吸引你,然后把他们一个新的密码,并迫使他们改变它第一次访问也同样可以。
选项1是更容易。
I'm wondering what the best method is for creating a forgot password function on a website. I have seen quite a few out there, here are a few or combination of:
- passphrase question / answer (1 or more)
- send email with new password
- on screen give new password
- confirmation through email: must click link to get new password
- page requiring user to enter a new password
What combination or additional steps would you add to a forgot password function? I'm wondering about how they request the new password and how they end up getting it.
I'm operating on the principal that the password cannot be retrieved; a new password must be given/generated.
Edit I like what Cory said about not displaying if the username exists, but I'm wondering what to display instead. I'm thinking half the problem is that the user forgot which email address they used, which displaying some sort of "does not exist" message is useful. Any solutions?
- I personally would send an email with a link to a short term page that lets them set a new password. Make the page name some kind of UID.
- If that does not appeal to you, then sending them a new password and forcing them to change it on first access would do as well.
Option 1 is far easier.
这篇关于忘记密码:什么是实现一个忘记密码功能的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
