The Robertson Team






















  Programmers' Tools >  AccessMonger Pro >  FAQ >  If I Forget My Password Will AMPro Send It To Me?

If I Forget My Password Will AMPro Send It To Me?

In the words of Dr. Evil:

How about: NO!

It is frightening to see how many password systems make this gigantic mistake.  You go to all sorts of trouble to secure your application; jumping thru one hoop after another, building the perfectly ironclad little fortress... and when someone forgets a password (which happens all the time) you send it to them in the clear via email?

Can we find a less secure way to do that?  Maybe sky-write it in the clouds, or run it every 1/2 hour on CNN?

AMPro will let a user who has authenticated themselves properly -- after receiving a special email at their inbox containing an encrypted, time-limited link and answering their top-secret, self-set security question -- to *change* their password.

This gives the forgetful user a self-service, don't-bother-the-admin method of gaining immediate re-entry without creating a giant security hole in the process.

The Robertson Team,
1.559.360.1717 is a leader in ColdFusion web hosting and managed dedicated servers.