Handling Forgotten Passwords

Humans are a forgetful species. Many of us consider ourselves lucky if we can remember our children's names, much less a password we selected for a site that we visited six months ago.

Any good e-commerce site will include a way to retrieve a forgotten password. Some have opted for a secondary question, such as “What's your favorite animal?”, that you can answer to reset or be reminded of your password. The problem with that approach is that the user could very well forget the answer to the secondary question as well.

The gold standard for lost passwords is to e-mail the password to the address of record for the account. The theory is, if a user has lost control of his e-mail account, he ...
