author: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:52:07 +0300
committer: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:52:07 +0300
commit: d6a5101a691cf6260f83d03978f6c9d37d5ea6f5 (patch)
tree: d9591165252d882898d16528a430a83bd64b1d4c
parent: c3fb1165df74aa3e3a8ce18983f4c05721632780 (diff)
download: ick.liw.fi-d6a5101a691cf6260f83d03978f6c9d37d5ea6f5.tar.gz
Add: notion of single-use random link for password resets
-rw-r--r-- yuck.mdwn 4
1 file changed, 3 insertions, 1 deletion
diff --git a/yuck.mdwn b/yuck.mdwn
index 472504b..6e4f65f 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -167,7 +167,9 @@ reference in discussions.
need.
* (PRIVACYLEAK) Yuck MUST NOT leak personal information.
* (PWRESET) Yuck MUST support the user resetting their password,
- securely.
+ securely. Possibly by supporting a random, single-use link that can
+ be communicated to the user (perhaps via email) to allow them to
+ change the password.
* (TEMPLOCK) Yuck MUST support locking an account temporarily, if it
is the target of too many failures. This is to avoid an attacker
from brute-forcing a password by trying many times.
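Review bot: the three added `+` lines under (PWRESET) describe the reset link only as "random, single-use" and leave its security properties unspecified; a MUST-level requirement should state that the token is generated from a cryptographically secure random source with enough entropy to be unguessable, that it expires after a short validity window, and that it is invalidated on first use and when a newer reset is requested. "Possibly by supporting a random, single-use link" also reads as a suggestion rather than a requirement, so consider either promoting the link mechanism to a firm statement or marking it explicitly as one acceptable implementation. Since the neighbouring (TEMPLOCK) item already covers brute-force attempts against passwords, the reset endpoint (both requesting a link and redeeming one) should be covered by the same rate limiting, and the link should be treated as personal information under (PRIVACYLEAK) so that it is not logged or exposed.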