Chris Lofback wrote: > Hashing passwords may be the way to go, but how does everyone handle > emailing lost passwords to users? Just assign them a new password and force > them to use it? > > But I guess big sites (like Amazon) don't hash because they send the current > password.
We send users new passwords by regular mail. And if people are in a hurry or have an urgent desire to influence their new password they can always visit us and bring an ID and an applepie :) But I don't think this is a very scalable or even a desired model in all cases. Jochem ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
