
Lost password reset software design pattern

07 Apr 12

When you build a new service website from scratch you will probably have to face this. Passwords are the most sensitive data we handle, and your application should behave securely enough to keep users' data private.

Some time ago it was a common pattern to store the user password as plain text (or encrypted with a symmetric-key algorithm). This let users retrieve their password without setting a new one.

From this pattern a variant was born which required the user to answer a predefined question before the application sent the password back.

It seems these patterns are no longer used, in favor of the current one, which involves a more structured application/user flow to let the user regain access to the application. I'm talking about password reset.

The new way
