Password recovery with email hash

Announcements, comments, ideas, feedback, and "How do I... ?" questions
Post Reply
User avatar
Posts: 14
Joined: Mon Sep 16, 2013 1:47 pm

Password recovery with email hash

Post by rodiongork »

sorry if this was already suggested - haven't found it at once

Probably it would be good to re-implement password recovery via email, but without storing emails.

The site could ask email on registration, but neither verify nor store it. Rather only hash of email is stored.

So when user wants to recover account with forgotten password, site asks to "enter email" once more and if the hash of email address matches - sends temporary password, or password reset link to this address.

This requires some efforts to implement, of course, but probably it may save efforts on managing cases with lost accounts :)
Post Reply