
Email reset password code not changed over time

+2 votes
162 views
asked Oct 8, 2016 in Q2A Core by htabar
Hi There,

When a password reset email is sent, a code is sent to the user's mailbox. This code changes if the user asks Q2A to send the reset email again.

I know this change has security reasons, but I recommend lowering the security standards here as the risk is acceptable. Users usually get confused in this process and can't complete it. Losing users in this way poses a higher risk to Q2A websites.

Is there any way that users can get the same codes over time?

Thanks
Q2A version: 1.7.4

1 Answer

+2 votes
answered Oct 8, 2016 by ProThoughts
This is a security issue and I feel we should not compromise on it.

If the user code stays the same and someone gets the user code, the account will be hacked.
commented Aug 14 by rishav kumar singh
ProThoughts, can you tell which algo has been used to create the reset code?
commented Aug 14 by rishav kumar singh
Can anyone know the next code if he knows the previous one?
...
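The behaviour discussed in this thread (a new code on every request, with the older one no longer accepted) can be sketched as follows. This is an added example, not Q2A's own code and not a statement of which algorithm Q2A uses; the `ResetCodeStore` class, the one-hour lifetime and the user ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 3600  # assumed lifetime; not taken from Q2A


class ResetCodeStore:
    """Hypothetical in-memory store: user id -> (sha256 of code, expiry time)."""

    def __init__(self, now=time.time):
        self._pending = {}
        self._now = now  # injectable clock so expiry can be exercised

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, user_id):
        # Each code is drawn independently from the OS CSPRNG, so a code seen
        # earlier gives no information about the one issued next.
        code = secrets.token_urlsafe(16)  # 128 bits of randomness
        # Overwriting the entry revokes any code mailed before this one.
        self._pending[user_id] = (self._digest(code), self._now() + RESET_TTL_SECONDS)
        return code

    def redeem(self, user_id, submitted):
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        stored, expires_at = entry
        if self._now() > expires_at:
            del self._pending[user_id]
            return False
        # Constant-time comparison of digests avoids a timing side channel.
        if not hmac.compare_digest(stored, self._digest(submitted)):
            return False
        del self._pending[user_id]  # single use
        return True


if __name__ == "__main__":
    store = ResetCodeStore()
    first = store.issue("alice")          # constructed user id
    second = store.issue("alice")         # user clicked "send again"
    print(store.redeem("alice", first))   # older mail: rejected
    print(store.redeem("alice", second))  # newest mail: accepted
    print(store.redeem("alice", second))  # replay: rejected
```

The confusion described in the question corresponds to the first `redeem` call: a user who opens the older of two emails holds a revoked code, which is a reason for the reset email and the rejection message to say that only the most recent code is valid.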