Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.
Is it more secure to change a forgotten password with a token or to send a one-time password in plain text?
I inherited web software where the forgotten password page sends a new password to the user by email. I plan to change that and I am now searching for arguments why one of the two methods below (or something else) could be better in terms of security.