by premek 1838 days ago
In that case you don't send them a randomly generated string called a password but a randomly generated string called a token, right?

Correct, but it's generated only when they initiate the reset-password flow, and should be time-limited and only usable once. It's not stored in the database for long periods.
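
The token lifecycle described in the reply above, as an added example that is not part of the original thread: a token issued only when the reset flow starts, time-limited, usable once, and purged after expiry. The class name, the 15-minute lifetime, the in-memory dict standing in for the database, and keeping only a SHA-256 digest of the token are assumptions of this sketch.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread gives no figure


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for the table of pending resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (user_id, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Called only when the user initiates the reset-password flow."""
        # Drop any earlier token for this user so only the newest one works.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != user_id}
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expires_at)
        return token  # sent to the user; only the digest is kept

    def redeem(self, token):
        """Return the user id once for a valid token, otherwise None."""
        # pop() deletes the row on first presentation, expired or not,
        # so the same token can never be redeemed twice.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return user_id

    def purge_expired(self):
        """Periodic cleanup so unused tokens do not linger in storage."""
        now = self._clock()
        self._pending = {d: v for d, v in self._pending.items() if v[1] > now}
        return len(self._pending)
```
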