Password Reset Requests

| |

Home

This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
Products
This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
- Mobile Applications
  
  Data Springs Forum iPAD app
  
  Forum Flow
  
  Opt In Text
- DNN Modules
  
  The Collection 6.0
  
  The User Management Suite
  
  Dynamic Forms
  
  Dynamic Registration
  
  Dynamic Login
  
  Dynamic Views
  
  Dynamic User Directory
  
  Dynamic Contacts
  
  Dynamic Image Rotator
  
  News Ticker
  
  Opt In Email
  
  Opt In Text
  
  Quick Poll
  
  Dynamic Info Cube
  
  Random Rounded Images
  
  Stock Quote
  
  Back on Track
  
  Dynamic News Ticker
  
  Dynamic Tags
  
  Interactive User Import
  
  Page Tags
  
  Presentation Archive
  
  Real Estate Listing
  
  Renewal Reminder
  
  Tailored Text / HTML
Services

This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
Get Quote
This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
- Request Quote For
  
  Custom DotNetNuke Module Quote
  
  Web Design Quote
  
  Software Outsourcing
  
  SharePoint Web Parts
  
  Mobile Programming
  
  Custom Software
Support
This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
- Community Support The Data Springs Product Forums is an excellent resource where you can find solutions to questions previously encountered by other users. Each product has its own category to help you narrow your search. It also offers forums for enhancement requests, user guides and general information.
- Training Data Springs can offer additional training through our Premium Support hours. The training classes can either be held onsite or via web meetings which can be organized according to your preferences.
- Standard Support Data Springs strives to deliver excellent support for our customers. There are multiple ways of accessing support that are outlined below.
  
  Product Support Agreement
  
  Common Support Questions
  
  User Guides
  
  Upgrade Policy
  
  License Options
  
  Contact Support
- Product Demonstrations
  
  Dynamic Forms Tutorials
  
  SharePoint Web Parts Demonstrations
  
  Dynamic Login w/ Content Localization
  
  Opt In Email w/ Content Localization
  
  Dynamic User Directory
- Premium Support Premium Support is offered for additional requirements beyond what is covered in Standard Support. Find out more details below...
  
  Premium Support Options
  
  Premium Hourly Support
  
  Premium Monthly Support
  
  Premium Quarterly Support
  
  Misc Payments Form
Resources
This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
- Beta Springs Beta Springs is a web site dedicated to quality control and improvement of the Data Springs products. Please visit this site and request access to setup and test any product specific issue or to review fully functional products before purchase.
- Other Resources
  
  Recommended Vendors
  
  Clothing / Apparel
- RESX Localization Translation RESX Translate is an easy to use service for providing translation services within Visual Studio and ASP.NET resources files (.RESX Extension).
- RESX Localization Spell Checker RESX Spell Check is an easy to use service for providing spell check services within Visual Studio and ASP.NET resources files (.RESX Extension).
- Articles & Information
  
  SQL Performance/Code Security Articles
  
  Moss 2007/ 2010 Articles
  
  Ajax AspDotNet JQuery Articles
  
  Drupal Wordpress and Joomla Articles
  
  SQL Server Visual Studio Articles
  
  Android / iPhone / Mobile Articles
  
  Internet Marketing Articles
  
  DotNetNuke Articles
  
  HTML 5 Getting Started w/ HTML 5
News
This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.
- In the Press Check out recent press releases for Data Springs products, events, and media relations.
- Blog An online diary and web log from staff and customers for premium DotNetNuke resources, Data Springs Modules, SharePoint Web Parts, Forum Flow, iPhone/Android Mobile Apps, and Data Springs Services.
- Newsletter Get current news and events the easy way! Select the newsletters you would like to receive or enter your email address to view/modify your subscription settings.
Training

This feature requires the Standard edition. You are running the Trial edition or your site domain is not associated with your license key. Please visit www.packflash.com to purchase an upgrade or add your domain.

Great Ideas. Always Flowing.

We are not happy until you are happy. Client satisfaction guaranteed. Whatever your needs and requirements, we have the skills and resources for the job!

DNN Modules

Dynamic Forms

Dynamic Login

Dynamic Registration

Dynamic User Directory

Dynamic Views

Dynamic Image Rotator

Dynamic News Ticker

Info Pics

Interactive User Import

Page Tags

News Ticker

Opt In Email

Presentation Archive

Quick Poll

Random Rounded Images

Real Estate

Stock Quote Module

Testimonials

Dynamic Tags

Tailored Text / HTML

Dynamic Info Cube

Back on Track

Dynamic Contacts

SnowCovered Top Sellers

Dynamic Registration 4.0

Frustrated over the lack of customization for your user's registration fields? Dynamically setup your DNN Portal with custom registration fields, layout, questions, and other core integration options......

Ultra Video Gallery 4

Ultra Video Gallery is a brother product of Ultra Media Gallery, UVG allows you to upload videos in various format and automatically encode them to flv or H264 format, you also can add videos from internet or record live videos from your webcam.

XMod Pro 2.7 - Forms and Views for Databases

Build high performance, completely customizable data-entry forms and views driven by your DNN and external databases. New built-in tools make it a snap to quickly create data entry forms, data views, and even database tables. Plus, add your own HTML, CSS, Javascript, SQL commands, stored procedures,

Smith Shopping Cart v3.88

The most advanced DotNetNuke shopping cart on the planet. Easy to use e-Commerce, Secure Shopping Cart Software and SEO friendly. B2C / B2B Ecommerce Sites.

Event Calendar and Registration 4.0

One stop solution for events calendar and events registration! FREE DOWNLOAD is available now!

Popular Tags

Tags

Secure Programming Tips - Password Reset Requests

Week 5: Forgotten Password Requests

As developers, it’s important for us to create user friendly applications. User friendly applications are those that are intuitive to an end user, as well as those that provide functionality for a user to address any issues the might arise while using it. A common issue that can arise is when an end user has forgotten their password. This can be very frustrating for a user, and often requires the end user to call a helpdesk for assistance in resetting the password. This can often result in a loss of productivity for the end user. So what can developers do to alleviate the end user’s frustration? Simple, we can build the functionality into the application itself. It’s fairly simple to create and only requires gathering one or more credentials known only to the end user, such as a username, account number, email address, etc. to verify the person making the password reset request is a valid user of the application.

Figure 1 below shows an example of a reset password request page.

Figure 1

Upon entering the required credentials above, the first step in the process would be to perform some application login on the credentials entered to ensure they are valid. The next step in the process, assuming the credentials supplied above are valid, is to determine how we are going to allow the user to reset their password. One option, albeit the worse possible one, would be to allow the user to create a new password at that time, such as shown in figure 2.

Figure 2

The primary reason the option above is a bad idea is, because if a lockout policy is not enforced, i.e. after a certain number of failed reset password request attempts, this could allow a malicious user to perform a brute-force attack and potentially discover and reset the passwords for valid user accounts, thus causing an application level DoS (Denial of Service) on the applications user base.

Another, more widely used option, is to send an email to the user’s email address containing a temporary password that would allow the user to login and then change their password to something more permanent. However, this option as well has security issues associated with it. The first issue is obviously the assumption that the user’s email address is only accessible to the user and not by any other person. The second issue, which happens quite often, is the email contains more information then it should, as seen in Figure 3.

Figure 3

As we can see in Figure 3 above, not only did the application send the new password, in clear text, but it also send additional credentials associated with the user’s account, including the user’s username, account number and the link to login with the new credentials. If the user’s email address was accessible by someone else, this email provides everything they would need to compromise and control the user’s account.

Realistically, if you are going to use an email exchange in order to allow the user to reset a forgotten password. The most secure manner is to provide a link containing a globally unique identifier (GUID) as a security token representing a one-time request. This link and associated security token should only be accessible for no more than 30 minutes. This will reduce the risk of the account being compromised in the event someone else has access to the user’s email account. Figure 4 is an example of a password reset email containing a secure link to change the user’s password.

Figure 4

As we’ve seen from the examples provided in this article, there are good ways and bad ways to allow a user to reset their password. Obviously, we don’t want to do all the actions at once, unless a lockout policy is in place. When using the user’s email address to communicate the password reset process, we obviously do not want to send all of the user’s credentials, nor do we want to send anything in clear text. The best recommendation, in lieu of a phone call to the help desk, is to provide the user with a secure link that is only accessible for a limited time frame, thus reducing the risk of the user’s account being compromised.

Feedback Comments

anonymous DNNForumArticle 8/17/2013 12:53 PM
Users Still Can't Add a Thread

Hello. We followed your instructions but users still can't add a threat. Also, viewers can't even register! Perhaps that's part of the problem...???

Abhijeet Kumar PasswordReset 2/22/2013 1:15 PM
facebook

password changed

shivaprasad PasswordReset 2/9/2013 7:36 AM
change the facebook password

gmail

Pardeep Nanda PasswordReset 1/16/2013 8:46 PM
yahoo Id Blocked

thierry estiverne PasswordReset 11/14/2012 4:41 PM
how are you doing i need you help on something

i want to know if you could reset my security question and my password cause i want to take a driver license test on my birthday

thierry estiverne PasswordReset 11/14/2012 4:41 PM
how are you doing i need you help on something

i want to know if you could reset my security question and my password cause i want to take a driver license test on my birthday

sanjay khajure DNNForumArticle 6/4/2012 1:41 AM
broken file styles.css

my analytics report says i have some broken file and that is used in login page and broken file is style.css what it means

Keith DNNForumArticle 2/8/2012 7:15 PM
DNN Forum Module

I can't find anywhere to purchase this "Forum" module. Can you point me in the right direction? Thanks so much.

Janne Andersson DNNForumArticle 9/23/2011 4:40 AM
Can't create new discussions

Hi, I have installed Fortum and It works fine until I set default language to Swedish and remove Forum on the US part of the site who don't use It. Now I can't create new discussions. New threads work fine but we need to create Discussions, do you know what I have to do to get this works? (in DNN 6.0) Best regards Janne Andersson

marfred PasswordReset 4/7/2011 4:28 PM
math

hahhahaha Submitted By: marfred

Comments per Page:

Page 1 of 3

First Previous [1] 2 3 Next Last

Feedback

Note: Required fields are marked with a

all others are optional.

Your Contact Information:

Email:

Enter your Email address

Name:

Enter your Name

Your Feedback:

Subject:

Enter the subject of your message

Message Body:

Please enter your message.

Security Code

Enter the security code.

Enter the code shown above into the box below.

Send Feedback

SharePoint Web Parts

All Data Springs Web Parts Support WSS 3.0, SharePoint 2007, and SharePoint 2010 Frameworks

Please select license option for each web part you wish to purchase. We highly recommend the SharePoint Bundle to get all Data Springs Web Parts for maximum value!

Cart

Data Springs Sharepoint Bundle

Best Value! The Bundle gives you all 5 web parts in one package at a very attractive price! Best Value! We think you will be very happy with the SharePoint bundle and great price discounts you will receive. With your purchase all of the web parts below will be included.

Random Image Web Part

With Random Image for Sharepoint 2007, you can select multiple images to display randomly when the web part loads...

Stock Quote Web Part

Giving your site visitors relevant information is critical. With the Data Springs Stock Web Part you can provide your users with up to date financial information

Dynamic Image Rotator Web Part

Who would have thought? Adobe Flash® with Sharepoint! The FIRST and ONLY image rotation web part for Sharepoint using Flash Technology from Adobe! The Dynamic Image Rotator displays selected images and then rotates between the images. Several extended and optional features allow you to select the time to rotate each image, fade between

SharePoint Charts Web Part

The MOSS Chart Web Part is a web part built by Data Springs for the purpose of rendering several chart types based on data from a SharePoint list on a MOSS 2007 or WSS 3.0 Site

Dynamic News Ticker Web Part

Provide current news items with a user-friendly news ticker for your Sharepoint Portal. With millions of web sites offering information you need a fun way to display information and the solution is Flash News Ticker....

Tailored Text Web Part

Tailored Text Web Part allows you to add text/html to your web site that can be different for anonymous users, registered users, and even individual users specifically.

Dynamic Views Web Part

Dynamic Views is an excellent tool to:
Personalization allows you to go the extra mile in communicating or connecting one to one with your clients. When it comes to technology and web site content, you now have the power to leverage this personalization directly with your users on your DotNetNuke® site

More