Password reset process...is this secure enough?

When a User has changed their login password, they’re taken straight to the Main Menu as a Logged in User.

This means that if you forget your password, the following steps occur…

  1. Click the “Forgotten Password” link.
  2. A pop up appears asking for your email address.
  3. Enter email address and hit Send.
  4. Email with Password Reset link arrives > click link
  5. Arrive at Password Reset page
  6. Enter New Password, Confirm New Password > hit CONFIRM button.
  7. Alert appears indicating success
  8. User taken directly to Main Menu as “Logged in” User.

I’m wondering if they should be taken to a “log in screen” purely because this seems to be how so many apps work but I always find that a bit annoying as I’ve just put in a new password. So, my question is, is this a secure enough password change process or should I take them to a log in page so they have to log in twice. I can’t think of a reason to put that extra step in but I may have missed something…any thoughts would be appreciated.
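The eight-step flow above, written out as a small Python model so the checks that make "land on the Main Menu logged in" safe are visible. This is an added example, not code from the original post or from Bubble: the class names, the `https://app.example/reset` link, the 15-minute token lifetime and the in-memory `outbox` standing in for email delivery are all assumptions. The points worth noting are that the reset link is random, single-use and expiring, only a hash of it is stored, and completing the reset logs out every other session before issuing a fresh one.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Reset links stop working after this long (assumption: 15 minutes).
RESET_TOKEN_TTL = 15 * 60


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2 so a leaked user table does not leak passwords."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, _ = stored.split("$", 1)
    return secrets.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


@dataclass
class User:
    email: str
    password_hash: str
    sessions: set = field(default_factory=set)  # active session ids across devices


@dataclass
class ResetToken:
    email: str
    expires_at: float
    used: bool = False


class ResetService:
    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be exercised in tests
        self.users = {}     # email -> User
        self.tokens = {}    # sha256(raw token) -> ResetToken
        self.outbox = []    # (recipient, link); constructed stand-in for sending email

    @staticmethod
    def _token_key(raw: str) -> str:
        # Only a hash of the token is stored, so reading the table yields no usable links.
        return hashlib.sha256(raw.encode()).hexdigest()

    def register(self, email: str, password: str) -> None:
        self.users[email] = User(email, hash_password(password))

    def login(self, email: str, password: str) -> str:
        user = self.users.get(email)
        if user is None or not verify_password(password, user.password_hash):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(32)
        user.sessions.add(sid)
        return sid

    def request_reset(self, email: str) -> None:
        """Steps 2-4: identical outward behaviour whether or not the address exists."""
        if email not in self.users:
            return
        raw = secrets.token_urlsafe(32)
        self.tokens[self._token_key(raw)] = ResetToken(email, self.now() + RESET_TOKEN_TTL)
        self.outbox.append((email, "https://app.example/reset?token=" + raw))

    def complete_reset(self, raw_token: str, new_password: str, confirm: str) -> str:
        """Steps 6-8: validate the link, set the password, return a fresh session id."""
        if new_password != confirm:
            raise ValueError("passwords do not match")
        rec = self.tokens.get(self._token_key(raw_token))
        if rec is None or rec.used or self.now() > rec.expires_at:
            raise PermissionError("reset link is invalid, already used, or expired")
        rec.used = True  # single use: the same link cannot reset the password again
        user = self.users[rec.email]
        user.password_hash = hash_password(new_password)
        user.sessions.clear()  # anyone still holding the old password is logged out
        sid = secrets.token_urlsafe(32)
        user.sessions.add(sid)  # step 8: the resetting user lands on the Main Menu logged in
        return sid
```

Skipping the extra login screen is fine precisely because `complete_reset` only returns a session after the link has been proven valid and unused; the session it hands back is no weaker than one obtained by typing the new password. Clearing the other sessions at the same time is what turns a reset into a recovery action rather than just a password change.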

Hi there, @joefarrowsmith… just my two cents here, but the process as you described it is secure. The minute you involve the person’s actual email account (meaning they have to click a link that has been sent to their email address), you are pretty darn good to go from a security perspective because if their email account has been compromised, it really doesn’t matter what you do on the Bubble end.

Again, just my two cents, and I hope it helps.

Best…
Mike

2 Likes

Magic, makes perfect sense and is reassuring.
Thanks, as ever, for your time Mike.

All the best
Joe

1 Like