Difference between revisions of "Forgot Password Cheat Sheet"

From OWASP
m (Authors and Primary Editors)
m (Authors and Primary Editors)
Line 22: Line 22:
 
= Authors and Primary Editors  =
 
= Authors and Primary Editors  =
  
David Furgeson - David.Ferguson[at]fishnetsecurity.com
+
David Furgeson - David.Ferguson[at]fishnetsecurity.com<br/>
 
Jim Manico - jim[at]owasp.org
 
Jim Manico - jim[at]owasp.org
  
 
[[Category:Cheatsheets]] [[Category:OWASP_Document]]
 
[[Category:Cheatsheets]] [[Category:OWASP_Document]]
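
Review bot: On the changed author line the name reads "David Furgeson" while the address on the same line is David.Ferguson[at]fishnetsecurity.com; since this edit already touches that line, correct whichever spelling is wrong in the same revision. The appended `<br/>` only separates the first author from the second, so a wikitext list with one `*` item per author would give the same line break without inline HTML and would not need another edit when a third name is added.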

Revision as of 15:45, 1 March 2011

Introduction

This article provides a simple model to follow when implementing a "forgot password" web application feature.


Steps

1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow User to Change Password

Related Articles

Fishnet Security - Secure Forgot Password

OWASP Cheat Sheets Project Homepage


Authors and Primary Editors

David Ferguson - David.Ferguson[at]fishnetsecurity.com
Jim Manico - jim[at]owasp.org