Slide 18
CC Attribution-ShareAlike 3.0 Unported License by Er Galvão Abbott - 11/8/14 - 18 / 34
Implementing Security Routines with Zend Framework 2 www.galvao.eti.br
Password Recovery
Checklist
1. The user isn't already flagged "needs to change pwd" (no recovery pending);
2. The user is "active";
3. Generate a random temporary pwd (from a CSPRNG, not rand()/mt_rand());
4. Generate a random temporary, short-lived token;
5. Send the user a tokenized link to change the pwd;
6. The user must correctly enter the temp pwd;
7. Until that happens, don't allow the user to log in;
8. If the temp pwd and/or token expires, inactivate the account and make the user
contact support;
9. Otherwise, change the pwd and mark the user as "OK";
10. If any step fails, see step 8!
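The checklist above as one complete flow, written here as an added example in plain PHP 7.1+; it is not code from the slides, from Zend Framework 2 or from PHPToolkit. Assumptions not on the slide: the user store is an in-memory array standing in for the application's user table, the temp pwd and token live for 900 seconds, the recovery link points at example.invalid, and the temp pwd is handed to the user on whatever channel the application chooses separate from the link.

```php
<?php
declare(strict_types=1);

// Added example (not ZF2 or PHPToolkit code): the recovery checklist in plain PHP 7.1+.
// The user store is a constructor-injected array standing in for the application's table.
final class PasswordRecovery
{
    const TTL = 900; // lifetime of temp pwd and token, in seconds (assumed value)

    /** @var array<string, array> username => user record */
    private $users;

    public function __construct(array $users)
    {
        $this->users = $users;
    }

    public function getUser(string $username): ?array
    {
        return $this->users[$username] ?? null;
    }

    // Steps 8 and 10: any failure inactivates the account and wipes the temporary
    // credentials; only support can re-enable it.
    private function inactivate(string $username): bool
    {
        $this->users[$username]['active'] = false;
        unset($this->users[$username]['temp_pwd_hash'],
              $this->users[$username]['token_hash'],
              $this->users[$username]['expires_at']);
        return false;
    }

    // Steps 1-5. Returns what must be delivered to the user, or null if refused.
    public function requestRecovery(string $username, int $now): ?array
    {
        $user = $this->getUser($username);
        if ($user === null) {
            return null; // unknown user: nothing to inactivate
        }
        // 1. no recovery already pending   2. account is active
        if (!$user['active'] || $user['state'] !== 'ok') {
            $this->inactivate($username);
            return null;
        }
        // 3./4. CSPRNG-backed temporary pwd and short-lived token
        $tempPassword = bin2hex(random_bytes(8));  // 16 hex chars
        $token        = bin2hex(random_bytes(32)); // 64 hex chars
        // Store hashes only, so a leaked table does not yield live credentials.
        $this->users[$username]['temp_pwd_hash'] = password_hash($tempPassword, PASSWORD_DEFAULT);
        $this->users[$username]['token_hash']    = hash('sha256', $token);
        $this->users[$username]['expires_at']    = $now + self::TTL;
        $this->users[$username]['state']         = 'pending'; // "needs to change pwd"
        // 5. the link carries the token; the temp pwd is delivered separately (assumption)
        return [
            'link'          => 'https://example.invalid/recover?u=' . rawurlencode($username) . '&t=' . $token,
            'temp_password' => $tempPassword,
        ];
    }

    // Step 7: no login while a recovery is pending or the account is inactive.
    public function canLogin(string $username): bool
    {
        $user = $this->getUser($username);
        return $user !== null && $user['active'] && $user['state'] === 'ok';
    }

    // Steps 6, 8, 9: verify token and temp pwd, then set the new pwd, or inactivate.
    public function completeRecovery(string $username, string $token, string $tempPassword,
                                     string $newPassword, int $now): bool
    {
        $user = $this->getUser($username);
        if ($user === null) {
            return false;
        }
        if (!$user['active'] || $user['state'] !== 'pending' || $now > $user['expires_at']) {
            return $this->inactivate($username); // step 8: expired or out of sequence
        }
        // Constant-time compare of the token hash; step 6: temp pwd must match.
        if (!hash_equals($user['token_hash'], hash('sha256', $token))
            || !password_verify($tempPassword, $user['temp_pwd_hash'])) {
            return $this->inactivate($username);
        }
        // Step 9: store the new pwd, clear the temporary state, mark the user "OK".
        $this->users[$username]['pwd_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
        $this->users[$username]['state']    = 'ok';
        unset($this->users[$username]['temp_pwd_hash'],
              $this->users[$username]['token_hash'],
              $this->users[$username]['expires_at']);
        return true;
    }
}

// Usage with a constructed user record.
$recovery = new PasswordRecovery([
    'alice' => ['active' => true, 'state' => 'ok', 'pwd_hash' => password_hash('old-pwd', PASSWORD_DEFAULT)],
]);
$now = time();
$delivery = $recovery->requestRecovery('alice', $now); // mail $delivery['link'], hand over the temp pwd
assert($recovery->canLogin('alice') === false);          // step 7
parse_str((string) parse_url($delivery['link'], PHP_URL_QUERY), $q);
assert($recovery->completeRecovery('alice', $q['t'], $delivery['temp_password'], 'new-pwd', $now + 60) === true);
assert($recovery->canLogin('alice') === true);
// Same flow presented after the TTL: the account is inactivated (step 8).
$recovery->requestRecovery('alice', $now);
assert($recovery->completeRecovery('alice', 'x', 'x', 'new-pwd', $now + PasswordRecovery::TTL + 1) === false);
assert($recovery->canLogin('alice') === false);
```

The token is compared through its SHA-256 hash with hash_equals so that neither the stored value nor the comparison timing leaks it, and the temp pwd goes through password_hash/password_verify like any other password; inactivation on every failure path is the slide's own policy (step 10), so a wrong token, a wrong temp pwd or a late link all end with the user contacting support.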
For your randomization needs: https://github.com/galvao/PHPToolkit*
* Shameless advertising detected!