Difference between revisions of "Forgot Password Cheat Sheet"

m (Related Articles)
m (Related Articles)
Line 16: Line 16:
= Related Articles  =
= Related Articles  =
Fishnet Security - [Secure Forgot Password | http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf]  
Fishnet Security - [http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf | Secure Forgot Password]  
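
Review bot: the added line still separates the URL and the label with " | ", which is not how MediaWiki writes external links; the form is [URL label] with a single space, so the pipe ends up as part of the displayed link text. Swapping the order fixes the link target, but the pipe should also be dropped, leaving the URL followed by a space and "Secure Forgot Password" inside the brackets.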

Revision as of 01:14, 1 March 2011


This article provides a simple model to follow when implementing a "forgot password" web application feature.


1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow User to Change Password

Related Articles

Fishnet Security - Secure Forgot Password

OWASP Cheat Sheets Project Homepage

Authors and Primary Editors

Jim Manico - jim[at]owasp.org