>Reset the password to a random string and use this character Send the string to their registered mail?
>Create a unique hash link to reset the password, the password is valid for one hour and send the link to the email?
>Are there other ways?
Create a unique hash link for resetting password which is valid for an hour and sending that link to mail
This is my favorite method. It only allows you to reset your password if and only when the user visits the link. This way, if someone maliciously tries to re Reset the password, the user can simply delete the email and not be affected (no need to enter a new password).
In addition, you should provide some kind of longer expiration date for the reset link (e.g. 12-24 Hours).
What is the best way to reset a user’s password when the password is hashed:
>Reset the password to Random string and send that string to their registered mail?
>Create a unique hash link to reset the password, the password is valid for one hour and send the link to the email?
>Are there other ways?
Create a unique hash link for resetting password which is valid for an hour and sending that link to mail
blockquote>
This is my favorite method. It only allows you to reset your password when and only when the user visits the link. This way, if someone maliciously tries to reset the password, the user can simply delete the email and not Affected (no need to enter a new password).
In addition, you should provide some kind of longer expiration date (e.g. 12 to 24 hours) for the reset link.
< p>