
Do you have any examples of someone further explaining what you are suggesting? Or if you have time, can you further elaborate on this point? I glanced at the nonce article on Wikipedia and if I understand correctly you are suggesting:

1) user creates account (which generates nonce)

2) when password resetting via email, auth via nonce.

3) when password is reset, regen nonce

Is that right? Just trying to better understand what appears to be a good approach to password resets.




Here's a recent post of somebody else channeling tptacek: http://news.ycombinator.com/item?id=4940291

I got it from a quick 'password reset' search here; I recall a lot of these discussions. If you're curious, click around on a few more results. :)


That's basically right. Generally you generate the nonce when someone clicks the 'forgot password' link, but I suppose you could do it when someone creates the account as well.
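A minimal implementation of the flow the thread describes, added here as an example (it is not code from any commenter): the nonce is minted when the user clicks 'forgot password', only its hash is stored alongside an expiry, the e-mailed link carries the raw nonce, and a successful reset consumes it so the link cannot be replayed. The in-memory UserStore, the 30-minute TTL, and PBKDF2 as the password hash are assumptions made for the example; production code would use a real database and bcrypt/scrypt/argon2 with current iteration guidance.

```python
import hashlib
import hmac
import secrets

# Hypothetical policy values chosen for this example.
TOKEN_TTL_SECONDS = 30 * 60   # a reset link is good for 30 minutes
TOKEN_BYTES = 32              # 256 bits of randomness per nonce
PBKDF2_ROUNDS = 200_000       # stdlib stand-in for bcrypt/scrypt/argon2


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a per-user random salt. Returns (salt, digest)."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def _hash_token(token):
    # Only the hash of the nonce is persisted, so a leaked users table does
    # not hand an attacker a set of working reset links.
    return hashlib.sha256(token.encode()).hexdigest()


class UserStore:
    """In-memory stand-in for the users table (constructed for this example)."""

    def __init__(self):
        self.users = {}  # email -> {"salt", "pw", "reset"}

    def add_user(self, email, password):
        salt, digest = hash_password(password)
        self.users[email] = {"salt": salt, "pw": digest, "reset": None}

    def verify_password(self, email, password):
        u = self.users.get(email)
        if u is None:
            return False
        _, digest = hash_password(password, u["salt"])
        return hmac.compare_digest(digest, u["pw"])


def request_reset(store, email, now):
    """Step 1: user clicks 'forgot password'. Mint a fresh nonce, store only its
    hash plus an expiry, and return the raw nonce to be e-mailed in the link.
    Any earlier pending nonce for the account is replaced. Unknown addresses
    yield None; the caller should send the same 'check your inbox' page either
    way so the endpoint does not reveal which accounts exist."""
    u = store.users.get(email)
    if u is None:
        return None
    token = secrets.token_urlsafe(TOKEN_BYTES)
    u["reset"] = {"hash": _hash_token(token), "expires": now + TOKEN_TTL_SECONDS}
    return token


def complete_reset(store, email, token, new_password, now):
    """Steps 2 and 3: user follows the link. Accept the nonce only if one is
    pending, unexpired, and matches in constant time; then set the new password
    and discard the nonce so the same link cannot be used twice."""
    u = store.users.get(email)
    if u is None or u["reset"] is None:
        return False
    pending = u["reset"]
    if now > pending["expires"]:
        u["reset"] = None           # stale nonce: drop it
        return False
    if not hmac.compare_digest(_hash_token(token), pending["hash"]):
        return False
    u["salt"], u["pw"] = hash_password(new_password)
    u["reset"] = None               # single use: the nonce is consumed
    return True


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice@example.com", "old-password")   # constructed sample user
    link_token = request_reset(store, "alice@example.com", now=1000)
    print("reset ok:", complete_reset(store, "alice@example.com", link_token, "new-password", now=1005))
    print("replay ok:", complete_reset(store, "alice@example.com", link_token, "again", now=1006))
```

Issuing a new nonce on every 'forgot password' click, rather than once at account creation, means an old leaked link stops working the moment the user asks for a fresh one, and a successful reset clears the record outright instead of relying on a later regeneration.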



