Difference between revisions of "Forgot Password Cheat Sheet"

From OWASP
m (Related Articles)
m (Authors and Primary Editors)
Line 22: Line 22:
 
= Authors and Primary Editors  =
 
= Authors and Primary Editors  =
  
 +
David Furgeson - David.Ferguson[at]fishnetsecurity.com
 
Jim Manico - jim[at]owasp.org
 
Jim Manico - jim[at]owasp.org
  
 
[[Category:Cheatsheets]] [[Category:OWASP_Document]]
 
[[Category:Cheatsheets]] [[Category:OWASP_Document]]
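
Review bot: The added author line under "= Authors and Primary Editors =" spells the surname "Furgeson", while the e-mail address on the same line reads "David.Ferguson[at]fishnetsecurity.com". Confirm which spelling is correct and make the display name and the address agree before saving the revision.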

Revision as of 16:44, 1 March 2011

Introduction

This article provides a simple model to follow when implementing a "forgot password" web application feature.


Steps

1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow User to Change Password

Related Articles

Fishnet Security - Secure Forgot Password

OWASP Cheat Sheets Project Homepage

Developer Cheat Sheets (Builder)

Assessment Cheat Sheets (Breaker)

Mobile Cheat Sheets

OpSec Cheat Sheets (Defender)

Draft Cheat Sheets

Authors and Primary Editors

David Furgeson - David.Ferguson[at]fishnetsecurity.com

Jim Manico - jim[at]owasp.org