N
news.sbcglobal.net
If I understand correctly, by default, ASP.NET 2.0 hashes the user password
and this hashed password is unintelligible to the user (and unusable) when
it is sent by the Password Recovery control. By default, this control
resets the user's password to something random but I've never been able to
figure out how that is useful. I can't tell (by looking at the database)
what the new password is and the user certainly doesn't know what it is.
This makes no sense to me (from a usability perspective) so I'm sure I must
be missing something.
My question is, how does the user know what his/her password has been reset
to? I would prefer to send the user their password by email which means
that I have to change the way it is stored in the database and change my
site configuration to do this.
Does anyone have a link to a useful resource to help with this?
Thanks!
and this hashed password is unintelligible to the user (and unusable) when
it is sent by the Password Recovery control. By default, this control
resets the user's password to something random but I've never been able to
figure out how that is useful. I can't tell (by looking at the database)
what the new password is and the user certainly doesn't know what it is.
This makes no sense to me (from a usability perspective) so I'm sure I must
be missing something.
My question is, how does the user know what his/her password has been reset
to? I would prefer to send the user their password by email which means
that I have to change the way it is stored in the database and change my
site configuration to do this.
Does anyone have a link to a useful resource to help with this?
Thanks!