Creating Secure Password Resets With JSON Web Tokens
When a user of your application has forgotten their password, it can and should be reset securely. To accomplish a secure password reset, I will demonstrate how to use JSON Web Tokens (JWT) to generate a URL-safe token. The JWT contains encoded information about the user and a signature that, when decoded, is validated to ensure that the token has not been tampered with. Once the JWT is validated, your application can securely allow the user to generate a new password, instead of sending them their forgotten one. There was a time when your password was stored in your favorite websites database just as you typed it. In fact, it still seems to occur far too often. An entire website is dedicated to telling people whether their email address or username has been exposed1.
Read Full Article at https://www.smashingmagazine.com/2017/11/safe-password-resets-with-json-web-tokens/
Tags: address, application, database, demonstrate, exposed1, forgotten, generate, information, password, secure, signature, website