Question

I have searched and viewed most of the other questions and answers about implementing forgot password functionality on a website.

However, we have a unique situation. When a user registers an account and uses their company-based email as the main email account, how can we implement a forgot password scheme if they no longer work for that company and can't access that account?

We currently send an email with a reset link to their primary email account. Most do not have a secondary account and we do not want them to be able to enter just any email address to send the link to.

Is there an easy scheme whereby we can have the user enter some information and be taken to a page where they can be allowed to change the email address to send the reset link? BTW, we do not want to use/store security questions.

How has this kind of thing been done before? I can't really see any sites that do this because most of them require sending an email to the user's account.

Solution

If you don't want to require an alternate email, or security question(s), or an SMS/cell phone number from the user on signup then you'll be stuck with users that have orphaned accounts.

Here's something you could try, but users will still forget to print it out or not care.

  • When a user signs up, give them a one-time-use "secret token" (basically a serial number)
    • Tell them to print it out and keep it safe
    • Allow them to use the "secret token" to reset their email address
    • Once they verify their new email address, remove the old "secret token" and send them a new one
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
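
The token scheme from the answer above, sketched as an added example that is not part of the original answer. It assumes an in-memory `RecoveryStore` standing in for the users table; all names are hypothetical, and the confirmation code returned by `request_email_change` would be mailed to the new address in a real deployment.

```python
import hashlib
import hmac
import secrets

def _new_token():
    raw = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    return "-".join(raw[i:i + 4] for i in range(0, 32, 4))  # printable groups

def _digest(value):
    # Normalise what the user typed from the printout, then hash it.
    # A fast hash is enough here only because the token is high-entropy.
    norm = value.replace("-", "").replace(" ", "").lower()
    return hashlib.sha256(norm.encode()).hexdigest()

class RecoveryStore:
    """In-memory stand-in for the users table (hypothetical schema)."""

    def __init__(self):
        self.users = {}

    def register(self, user_id, email):
        token = _new_token()
        self.users[user_id] = {"email": email, "token": _digest(token), "pending": None}
        return token  # shown once for printing; only the hash is stored

    def request_email_change(self, user_id, token, new_email):
        user = self.users.get(user_id)
        # Constant-time comparison against the stored hash.
        if user is None or not hmac.compare_digest(user["token"], _digest(token)):
            return None
        code = secrets.token_hex(16)
        user["pending"] = (new_email, _digest(code))
        return code  # in production: mailed to new_email, never displayed

    def confirm_new_email(self, user_id, code):
        user = self.users.get(user_id)
        if user is None or user["pending"] is None:
            return None
        new_email, code_hash = user["pending"]
        if not hmac.compare_digest(code_hash, _digest(code)):
            return None
        # Address verified: switch email, retire the old token, issue a new one.
        fresh = _new_token()
        user.update(email=new_email, token=_digest(fresh), pending=None)
        return fresh
```

The old token stays valid until the new address is confirmed, so a mistyped address does not lock the user out; the endpoint that accepts the token should still be rate limited.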