I have always wanted to get some advice on the best way to manage forgotten passwords, it would be great to hear your thoughts.
I want a user to input their domain name and receive the option to update their password in the most secure way possible.
I like the way facebook emails you a link to an update password page but i need to know what is going on behind the sceens as their URL contains a few additional values and im sure there are some additional security feature in there!!
Any suggestions on a workflow/ framework would be great!
Many thanks in advance