1. Home
  2. Articles
  3. Drupal
  4. Secure your Web Application's Reset Password flow

Secure your Web Application's Reset Password flow

On22nd Jan 2023, 2023-01-22T08:00:00+05:30 Read Pause Resume Stop
Secure your Web Application's Reset Password flow

Generally any application framework provides users to have a flow to reset the passwords by default, It is more like, use clicking on the Reset Password link and redirects to a page where he will asked for email, and reset link sent to users email, so that user can reset the password on their own.

This is a default or general flow that any application framework provides, but developers or architects have to make sure, this flow is more secure than just an email confirmation.

And, in this article we are gonna see certain inputs, which help developers or architects to design and develop a better secured recovery password flow in the web application.

1. Set expiry on reset password link

Make sure the reset password link expires in a certain amount of time, so that the user is entitled to reset the password in that interval of time. And also the link will not be available for users forever to reset the password.

2. Application to identify reset password link

Always make sure the web application will identify the reset password link that is shared to the user. This can be done by adding the token to the reset password link and validating the token with application secure storage, when the user uses the reset password link and resets the password.

3. Password should be set complex

Allow users only to set the complex passwords, don’t allow users to set simple passwords.

  • Alphanumeric Character types (one digit, one letter and one punctuation)
  • Uppercase and Lowercase
  • Length of minimum 8 characters
  • Don’t allow username or email as password.
  • Check history of password (avoid users to set old passwords.
  • Avoid generic passwords (like admin, admin123 etc)

4. User Sessions

During the password reset flow (while the reset is triggered by users), make sure to clear all the sessions of the users from the application, including in other devices.

5. Hash the passwords

Use the latest and most secure encryption algorithm to hash the passwords.

6. Have questions on reset password form

This is quite an extra step, but this can be helpful to make sure the reset password flow is secured with one more step.

7. Logging

Avoid logging the sensitive information related to passwords or password hashes or the input provided by users which is sensitive and can crack the reset password flow.

8. Limit Password retries

This can be applicable in certain cases, but should not be applied for all the cases.

  • Multiple reset password requests from a certain IP, in this case limit the reset of password.
  • Multiple failed login attempts in a short interval of time from different IPs, then avoid this request. Have something like 3 attempts for failed login and should wait for sometime.
  • Also look into the brute force attack to set such a limitation on the password reset workflow.

9. TFA

Having a two factor authentication is one more step of securing the reset password workflow.

10. Captcha

Have Captcha on the reset password form, so that it adds one more step of security to the flow.

These are some basic and informational inputs on the reset password flow. Thanks for reading the article, for more science and technology related articles read our peoples blog articles.

Labels

DrupalSci-TechSecurityWeb

3,000OFF
Redmi 10A (Charcoal Black, 4GB RAM, 64GB Storage) | 2 Ghz Octa Core Helio G25 | 5000 mAh Battery

Redmi 10A (Charcoal Black, 4GB RAM, 64GB Storage) | 2 Ghz Octa Core Helio G25 | 5000 mAh Battery

8,999 11,999
Amazon
Redmi 10A (Charcoal Black, 4GB RAM, 64GB Storage) | 2 Ghz Octa Core Helio G25 | 5000 mAh Battery | Finger Print Sensor | Upto 5GB RAM with RAM Booster
Mobiles & Accessories
5,000OFF
OnePlus Nord 3 5G (Tempest Gray, 8GB RAM, 128GB Storage)

OnePlus Nord 3 5G (Tempest Gray, 8GB RAM, 128GB Storage)

28,999 33,999
Amazon
Camera: 50MP Main Camera with Sony IMX890 (OIS supported), 8MP Ultrawide Camera with Sony IMX355 (FOV: 112 degree) and 2MP Macro lens f/2.4 and a FOV 89°; 16MP Front (Selfie) Camera with EIS supported. Camera Features: Photo, Video, Night, Portrait, PANO, TIME-LAPSE, and Dual-view video. Display: 6.74 Inches; 120 Hz AMOLED FHD+ Display with Corning Gorilla Glass Victus; Resolution: 2772 X 1240 pixels; HDR 10+, sRGB, 10-bit Color Depth, PWM + DC dimming. Operating System: OxygenOS based on Android 13.1. Processor: MediaTek Dimensity 9000 Chipset (Based 4nm Architecture). Storage: 8 GB + 128 GB | 16 GB + 256 GB; LPDDR5X RAM, UFS 3.1.
Mobiles & Accessories
6,000OFF
Lava Agni 2 5G (Glass Viridian, 8GB RAM, 256GB Storage) | Indias First Dimensity 7050 Processor | 120 Hz Curved Amoled Display | 13 5G Bands | Superfast 66W Charging | Clean Android

Lava Agni 2 5G (Glass Viridian, 8GB RAM, 256GB Storage) | Indias First Dimensity 7050 Processor | 120 Hz Curved Amoled Display | 13 5G Bands | Superfast 66W Charging | Clean Android

19,999 25,999
Amazon
17.22cm (6.78 inch) 120Hz FHD+ Curved Amoled Display with Widevine L1 DRM Protection - Enjoy all your Content in High Resolution. Superior performance with Octa-core 2.6GHz MediaTek Dimensity 7050 6nm processor. Superfast 66W charger (50% Charging in less than 16mins). Big 1.0µm Pixel 50MP Quad Camera with 8MP ultrawide, 2MP Macro and 2MP Depth camera along with 1.0µm 16MP selfie camera. Clean Android 13 OS (No Bloatware, No Ads). In-Display Fingerprint Unlock | Supports 13 5G bands.
Mobiles & Accessories

About Author

Karthik Kumar D K

Karthik Kumar D K

A Techie at heart, Karthik has a penchant for programming and open source. Also a Foodie, Writer, Traveler and sometimes a Social Activist.

Software professional / Drupal Developer having experience in web applications development, implementation and having strong knowledge of technical specifications, workflow development and deploying.

Related Articles

Create a custom Drupal Service and Use as a Helper
Imagefield Slideshow module to render Slideshow on Drupal website
Unable to install Update Manager, update.settings already exists in active configuration
How to run PHPUnit test cases on your local machine for Drupal
API Docs, Drupal contributed module for your Developer Portal
6,610OFF
Panasonic 280 L Double Door 3 Star AI Enabled Inverter Technology Frost Free Refrigerator (NR-TH292CPKN, Diamond Black, Jumbo Fresh Vegetable Basket,2023 Model, Net Capacity 256L)

Panasonic 280 L Double Door 3 Star AI Enabled Inverter Technology Frost Free Refrigerator (NR-TH292CPKN, Diamond Black, Jumbo Fresh Vegetable Basket,2023 Model, Net Capacity 256L)

30,590 37,200
Amazon
Double door Frost Free Refrigerator: Stylish design, efficient operations and ample space, making it a perfect addition to a new age home. Keep your food fresher and healthier for longer with this modern and chic refrigerators. 280L Capacity: Suitable for families with 3 to 4 members.. Net Capacity: 256L. 3 Star rating - The star rating changes are as per BEE guidelines on or before 1st Jan 2023.
Refrigerators

Popular Articles

Average yearly consumption of Rice for the typical Indian
How to find out that your partner has a toxic personality?
Build a Worm Farm, science experiment for children
Samosas - Snack from the Indian subcontinent
How to cure PCOD or PCOS to have better Lifestyle

Recent Articles

How do you know if you are emotionally neglecting your partner in a relationship?
Cartesian Diver, science experiment for children
Bangalore to Kovalam Solo Trip Plan
I’m Sorry, Why is apologizing so difficult?
Ping Pong Ball Hovercraft, science experiment for children

Recent Quick Read

The Wolf and the Crane
The Eagle and the Fox
The Crow and the Swan
The Wise Little Hen
The Cat and the Parrot

Recent Great People

Baldev Upadhyaya
Phoolan Devi
Perween Warsi
Vishnu Narayan Bhatkhande
Vinayaka Krishna Gokak
3,000OFF
realme narzo 60X 5G(Stellar Green,6GB,128GB Storage ) Up to 2TB External Memory | 50 MP AI Primary Camera | Segments only 33W Supervooc Charge

realme narzo 60X 5G(Stellar Green,6GB,128GB Storage ) Up to 2TB External Memory | 50 MP AI Primary Camera | Segments only 33W Supervooc Charge

12,999 15,999
Amazon
With a 33 W Powerful SUPERVOOC Charge, 30 minutes charge for 50% battery and full charge in 70 minutes,5000mAh massive battery, without ever being concerned about the battery running out 50MP Primary Camera,street photography high-quality pictures that catch every details with astounding clarity Fast refresh displays cut blur in animations, scrolling and games to provide a notably better user experience. Multi levels of refresh rates means the display can save much energy and users can use for longer time According to the installation of a photo 4M to calculate: 128GB of memory can be installed 28000 + photos; According to a 720P TV series size of 250M to calculate: 128GB memory can be loaded with 450 + TV series More comfortable unlocking position than back fingerprint When the phone is placed face up on the desk, the user can unlock the phone by side fingerprint without picking it up, which is more comfortable and convenient than holding the phone up with the back fingerprint
Mobiles & Accessories
20,000OFF
HONOR 90 (Midnight Black, 12GB + 512GB) | India's First Eye Risk-Free Display | 200MP Main & 50MP Selfie Camera | Segment First Quad-Curved AMOLED Screen | Without Charger

HONOR 90 (Midnight Black, 12GB + 512GB) | India's First Eye Risk-Free Display | 200MP Main & 50MP Selfie Camera | Segment First Quad-Curved AMOLED Screen | Without Charger

29,999 49,999
Amazon
200MP Ultra-Clear Rear Camera, Master of Photography: HONOR 90 features a 200MP Ultra-Clear Main Camera with the largest 1/1.4-inch sensor in the segment, a 12MP Ultra Wide and Macro 2-in-1 Camera, and a 2MP Depth Camera and a 50MP Selfie camera and 100° wide FOV hardware to capture exquisite photos and videos. 120Hz Quad-Curved Floating AMOLED Display: The leading technology can correct the deform of images on the display, ensuring visual comfort. Equipped with a 6.7-inch/17.02cm quad-curved bezel-less display, HONOR 90 supports a high resolution of 2664x1200, 100% DCI-P3 color gamut, up to 1.07 billion colors, and segment leading peak HDR brightness of 1600 nits. Risk-free Industry's first 3840Hz PWM Dimming: To promote eye health the HONOR 90 is equipped with the industry-leading Pulse Width Modulation (PWM) Dimming of 3840Hz, the highest in the industry, which maintains a more comfortable and flicker-free viewing experience and minimizes eye strain especially in dimly lit environments. Extraordinary Performance: HONOR 90 is equipped with Qualcomm Snapdragon 7 Gen 1 Accelerated Edition 5G 4nm processor, which can provide exceptional performance and handle even the most intensive and demanding tasks with ease. The phone adopts a super-large arterial biomimetic VC with the Gen 3 high thermal conductivity graphite sheet and a full-scene AI intelligent thermal management system. Control temperature accurately, dissipate heat stably.
Mobiles & Accessories
4,000OFF
realme narzo 60 5G (Mars Orange,8GB+128GB) 90Hz Super AMOLED Display | Ultra Premium Vegan Leather Design | with 33W SUPERVOOC Charger

realme narzo 60 5G (Mars Orange,8GB+128GB) 90Hz Super AMOLED Display | Ultra Premium Vegan Leather Design | with 33W SUPERVOOC Charger

15,999 19,999
Amazon
Immerse yourself in a smooth and responsive visual experience with our vibrant 90Hz Super AMOLED display. Enjoy seamless scrolling, fluid animations, and razor-sharp image quality, bringing your content to life like never before. Whether you're gaming, browsing, or watching videos, every interaction will be a delight for your eyes. Embrace the sleekness of our ultra-slim design, measuring only 7.93mm in thickness. This slim profile not only enhances the aesthetics of your device but also ensures a comfortable and ergonomic grip. Slip it effortlessly into your pocket or bag, and experience the perfect balance of style and portability. Elevate your style with our smartphone's premium leather design. Meticulously crafted with genuine leather, this device exudes sophistication and luxury. The soft and supple texture of the leather provides a comfortable and luxurious feel, making a statement wherever you go. Unleash your creativity and capture stunning street photography moments with our powerful 64 MP camera. This camera is specifically designed to excel in urban environments, capturing intricate details and vibrant colors with precision. With advanced features and AI technology, you can elevate your photography skills and unleash your artistic vision.
Mobiles & Accessories
5,500OFF
POCO M6 Pro 5G (Forest Green, 4GB RAM, 128GB Storage)

POCO M6 Pro 5G (Forest Green, 4GB RAM, 128GB Storage)

10,499 15,999
Amazon
Processor: Snapdragon 4 Gen 2 Mobile Platform : Power efficient 4nm architecture | 8GB of RAM including 4GB TurboRAM. Display: Large 17.24cm FHD+ 90Hz AdaptiveSync display with Corning Gorilla Glass 3 Protection. Camera: 50MP f/1.8 AI Dual camera with classic film filters, Film Frame, Portrait, Night Mode, 50MP mode, Time-lapse, Google lens | 8MP Selfie camera. MIUI Dialer | MIUI 14 with Android 13 | Side fingerprint | IR blaster | 3.5mm Audio jack | IP53 rating.
Mobiles & Accessories
We Need Your Consent
By clicking “Accept Cookies”, you agree to the storing of cookies on your device to enhance your site navigation experience.
I Accept Cookies