Alot of web sites offer the chance to reset your password. If you've forgotten your password you can say you've forgotten your password. Then the site usually does one of the following:
Send the password via email
Reset the password and send the reset password via email
Can emails not be sniffed for text such as the text of the password in the email. How can you encrypt the email? Is there anything you can do?
03-08-2007, 11:47 PM
What I would do is give them a temporary link that allows them to reset their password. They would have to use the site's interface to reset it rather than have it in an email. Secret questions are often good ways to make sure its that person changing their password.
03-09-2007, 12:00 AM
yes good idea maybe a link with a hashed get query string such as