Y
Hacker News
new
|
ask
|
show
|
jobs
by
miiiiiike
217 days ago
It’s easier/more complicated than that. Use 6 digit codes, tied to a specific reset session, with only 3 attempts allowed per-session, and sessions lasting only 5 minutes.