Forgot Password Cheat Sheet

Revision as of 15:45, 1 March 2011 by Jmanico (talk | contribs) (Authors and Primary Editors)



This article provides a simple model to follow when implementing a "forgot password" web application feature.


1) Gather Identity Data

2) Verify Security Questions

3) Send a Token Over a Side-Channel

4) Allow User to Change Password
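The four steps above, worked through as an added Python example that is not code from this page or from OWASP. It assumes an in-memory account store, a 15-minute token lifetime, and an outbox list standing in for the e-mail or SMS side channel.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumption: a reset token is valid for 15 minutes

def kdf(secret: bytes, salt: bytes) -> bytes:
    # Slow, salted hash for low-entropy secrets (passwords, security answers).
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def norm_answer(answer: str) -> bytes:
    return " ".join(answer.lower().split()).encode()  # case/whitespace-insensitive

@dataclass
class Account:
    username: str
    email: str
    salt: bytes
    answer_hash: bytes            # hashed security-question answer (step 2)
    password_hash: bytes
    token_hash: Optional[bytes] = None  # SHA-256 of the token; the token itself is never stored
    token_expires: float = 0.0

def new_account(username: str, email: str, answer: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(username, email, salt, kdf(norm_answer(answer), salt), kdf(password.encode(), salt))

def request_reset(accounts: dict, username: str, answer: str, outbox: list, now=time.time) -> str:
    # Steps 1-3: identify the account, check the answer, then send a fresh random
    # token over a side channel (the outbox list stands in for e-mail or SMS).
    acct = accounts.get(username)
    if acct and hmac.compare_digest(kdf(norm_answer(answer), acct.salt), acct.answer_hash):
        token = secrets.token_urlsafe(32)
        acct.token_hash = hashlib.sha256(token.encode()).digest()
        acct.token_expires = now() + TOKEN_TTL_SECONDS
        outbox.append((acct.email, token))
    # Same reply whether or not anything matched: no username or answer enumeration.
    return "If the details matched, a reset message has been sent."

def complete_reset(accounts: dict, username: str, token: str, new_password: str, now=time.time) -> bool:
    # Step 4: set the new password only for a matching, unexpired, unused token.
    acct = accounts.get(username)
    if not acct or acct.token_hash is None or now() > acct.token_expires:
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), acct.token_hash):
        return False
    acct.password_hash = kdf(new_password.encode(), acct.salt)
    acct.token_hash, acct.token_expires = None, 0.0  # single use
    return True
```

Only the hash of the token is stored, so a leaked database copy does not let anyone complete a pending reset, and the token is cleared after one successful use.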

Related Articles

Fishnet Security - Secure Forgot Password

OWASP Cheat Sheets Project Homepage

Authors and Primary Editors

David Furgeson - David.Ferguson[at]
Jim Manico - jim[at]