We are about to change the encryption method of a web application. We have hundreds of users and we will need to reset all their passwords. I have their name and email address of course.
It would be almost impossible for us to issue passwords individually. So considering we will run a query to set all passwords as 'null', keeping the username, what is the best practice to have them reset the password themselves so they can then login to the application.
The new password they enter will be encrypted with a new function. But my dilemma is how do I have all users reset their passwords ?
Do I provide them with a link ? how do I know it will be safe and secure that only they reset it, etc.