Improved security for passwords in emails

Idea created by johnnyglenn on Oct 9, 2015
    Status: Under review

    In order to initialize a password for the first time or reset a password, a link with a One Time Password (OTP) with a high level of entropy should be sent rather than the current functionality, where the new password is sent in clear text via email.


    The OTP must have a short lifetime (e.g. 10 minutes). If the user does not reset his password within the OTP lifetime, the OTP must be invalidated and the user must start the password reset process once again.
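An illustration of the proposed flow as an added example (not code from the original idea or from the product it was filed against): a server-side store that issues a high-entropy single-use token, keeps only its hash, enforces the 10-minute lifetime, and forces the user to restart the reset once the token has expired or been used. The class name, the `example.invalid` link format and the 32-byte token size are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_LIFETIME_SECONDS = 10 * 60  # the 10-minute lifetime proposed in the idea
OTP_BYTES = 32                  # 256 bits of entropy from the OS CSPRNG (assumed size)


class PasswordResetStore:
    """Hypothetical server-side store of pending reset tokens (in memory here)."""

    def __init__(self, clock=time.time):
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # user_id -> (sha256(token), expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not yield usable reset links.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id):
        """Create a fresh single-use OTP for user_id, replacing any earlier one."""
        token = secrets.token_urlsafe(OTP_BYTES)
        self._pending[user_id] = (self._digest(token), self._clock() + OTP_LIFETIME_SECONDS)
        return token  # goes into the emailed link; the password itself is never emailed

    def redeem(self, user_id, token):
        """True if token is the live OTP for user_id. Any attempt consumes the OTP."""
        entry = self._pending.pop(user_id, None)
        if entry is None:
            return False                 # nothing pending: never issued or already used
        stored_digest, expires_at = entry
        if self._clock() > expires_at:
            return False                 # lifetime exceeded: user must restart the reset
        # Constant-time comparison of the hashes, so timing does not leak a match prefix.
        return hmac.compare_digest(stored_digest, self._digest(token))


def reset_link(user_id, token):
    # Placeholder host; the real application supplies its own reset endpoint.
    return f"https://example.invalid/reset-password?user={user_id}&otp={token}"
```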