Password Reset Alternatives
Discussions center on challenges and alternatives to email-based password resets, including how to handle account recovery without email or phone access, and comparisons to standard recovery methods like security questions.
Activity Over Time
Top Contributors
Keywords
Sample Comments
What do you suggest as an alternative to password reset based on the account email?
How do you propose password resets work without an email address or phone number?
Why didn't you just require password resets to be done by the user?
Why can't they just use email password recovery like everyone else?...
I've lost an account on another service this way. They did a forced password reset. To set a new password, you had to go through the forgot password flow, receive the email, and then answer the security questions. You would think that if the passwords were compromised, the (probably plain text) security questions were certainly compromised.
With password reset, you are also trusting email.
If you're allowing emails as a credential reset mechanism, you've already got that problem.
how else do you expect they send you password resets?
Why is nobody talking about password reset questions?
Most services have a mechanism through which you can reset your password, usually email. Losing access to your password store isn't the end of the world.