
I don't see how sending a reset link is secure.

Wouldn't anyone intercepting the email be able to use the reset link themselves and gain access to the account?



Reset links can at least time out; passwords generally don't.

Providers should send you notifications when you reset your password; they generally don't when you just log in like normal.
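The two properties the reply above relies on (a link that times out, and a notification when a reset happens), as an added sketch that is not part of the thread. `ResetStore`, the 15-minute lifetime and the notification text are assumptions, and storing only a hash of the token and making it single-use go beyond what the comments mention.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread gives no figure
NOTICE = "Your password was reset"  # assumed notification text


class ResetStore:
    """In-memory stand-in for a table of pending resets (hypothetical)."""

    def __init__(self, notify, clock=time.time):
        self._pending = {}    # sha256(token) -> (user, expires_at)
        self._notify = notify  # callable(user, message), e.g. an email sender
        self._clock = clock    # injectable so expiry can be exercised offline

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        token = secrets.token_urlsafe(32)  # unguessable value placed in the link
        expires_at = self._clock() + RESET_TTL_SECONDS
        self._pending[self._digest(token)] = (user, expires_at)
        return token

    def redeem(self, token):
        # pop() makes the token single-use: a second presentation finds nothing
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            return None  # a link read out of the mailbox later is already dead
        self._notify(user, NOTICE)  # the owner hears about every completed reset
        return user


def demo():
    now = [1_000_000.0]  # constructed clock value
    sent = []
    store = ResetStore(lambda u, m: sent.append((u, m)), clock=lambda: now[0])
    stale = store.issue("alice")
    now[0] += RESET_TTL_SECONDS + 1
    late = store.redeem(stale)    # presented after the timeout
    fresh = store.issue("alice")
    first = store.redeem(fresh)   # presented in time
    replay = store.redeem(fresh)  # same link presented again
    return late, first, replay, sent
```

The timeout only narrows the window: a link intercepted and used before it expires still succeeds, and the notification is what tells the account owner that it happened.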



