I am not a fan of most "forgot my password" systems that force you to reset your password if you forget it. I prefer to be given the choice to simply email my current password to the email address that is on file. Once I receive the email, I can log in and then change my password if I'm worried about the across-the-wires email that was sent to me with my original password. Of course, maybe that is not a good idea for a financial-related website, but for non-financial password-protected sites (e.g. TVGuide.com) there should be a choice to reset or recover a forgotten password.
I created an example of one approach that combines a Flex-based UI (leveraging Adobe Flash Builder and the Flex SDK 4.1), a MySQL database, and ColdFusion.
In this example, the Flex UI includes a 5-minute timer that in effect locks out a user from entering an incorrect email address too many times. On the fourth unsuccessful attempt, the timer is started and the email TextInput and submit button are disabled. Until 5 minutes have elapsed, the user cannot enter another email address. Even refreshing the page does not give the user another stab at it (until 5 minutes later), because I store a boolean value in a Flash shared object that is used in the Flex-based web application and that identifies the "too many attempts" or locked-out status.
To try out this example, go here:
http://labs.insideflex.com/flextraining/TestSendPassword/TestSendPassword.html
For the example, there is a New User button, so you can enter your name and email address in a simple form once you click the button. Clicking on the subsequent Create button allows you to save your name and email address to a MySQL table along with a ColdFusion-generated password that is actually emailed to the email address you enter (so enter a real email address if you want to see the results).
There is a simple validation technique used for the form, so both a name and an email address are necessary to submit the form.
And there you have it - a simple example that you might consider replicating the next time you are tasked with creating a password-based web application.
The source code is provided (right-click and view source in the Flex-based web application).
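The lockout rule described above (lock on the fourth unsuccessful attempt, for 5 minutes) can also be tracked on the server, so that it holds regardless of what the client stores. The following is an added Python sketch, not the post's Flex/ColdFusion source; `RecoveryLockout`, `client_id` (for instance a session identifier) and the in-memory dictionaries are assumptions made for illustration.

```python
import time

MAX_FAILURES = 4          # page: lock starts on the fourth unsuccessful attempt
LOCKOUT_SECONDS = 5 * 60  # page: 5-minute lockout


class RecoveryLockout:
    """Server-side lockout for failed password-recovery lookups."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # client_id -> timestamps of recent failures
        self._locked_until = {}  # client_id -> time at which the lock expires

    def seconds_remaining(self, client_id):
        """Seconds left on the lock, or 0 if the client is not locked."""
        until = self._locked_until.get(client_id)
        if until is None:
            return 0
        remaining = until - self._clock()
        if remaining <= 0:
            # Lock expired: forget it and the failures that caused it.
            del self._locked_until[client_id]
            self._failures.pop(client_id, None)
            return 0
        return remaining

    def attempt(self, client_id, email, known_emails):
        """Handle one lookup; returns 'locked', 'sent' or 'not_found'."""
        if self.seconds_remaining(client_id) > 0:
            return "locked"  # refused before the address is even checked
        if email.strip().lower() in known_emails:
            return "sent"    # the caller would send the e-mail here
        now = self._clock()
        # Assumption: failures older than the lockout window are forgotten.
        recent = [t for t in self._failures.get(client_id, [])
                  if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self._failures[client_id] = recent
        if len(recent) >= MAX_FAILURES:
            self._locked_until[client_id] = now + LOCKOUT_SECONDS
        return "not_found"


if __name__ == "__main__":
    tracker = RecoveryLockout()
    known = {"user@example.com"}  # constructed sample data
    for n in range(1, 6):
        print(n, tracker.attempt("session-1", "typo@example.com", known))
```

The Flex timer can then simply display the value returned by `seconds_remaining`, while the decision to accept or refuse an attempt stays on the server.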