What do you guys think is a better and safer way to handle forgot password? Many sites out there reset and create a temporary password and send it in email in plain text.
Others normally ask you to provide email and send a link via which you can reset password. It probably is easier to reset password and send it for one time use in an email as long as it is hashed and stored.
What do you guys recommend?