Provide a password recovery mechanism
Need to provide a fairly secure password recovery mechanism based on user's email address.
See what ideas are being used. Examples:
1) Secret - not ideal.
2) Message sent to user's e-mail allowing them to click on a "secret" URL that will reset their password to one provided at the URL. URL in message is only valid for ??? amount of time after being sent/triggered.
Steve O'Neal commented
Forgot my password, can't log in and there's no way to recover my password.
Paul Clark commented
Please send me a link to reset my password. I am entering it correctly but it will not allow me to sign in