Password notification e-mail

Password notification e-mail is a common technique used by websites. If a user forgets their password then a password notification e-mail is sent containing enough information for the user to access their account again. This method of password retrieval relies on the assumption that only the legitimate owner of the account has access to the inbox for that particular e-mail address.

The process is often initiated by the user clicking a forgotten-password link on the website; after they enter their username or e-mail address, the password notification e-mail is automatically sent to the inbox of the account holder. Some websites, such as Dating Direct, include the password in every e-mail sent from the website. This has the problem that all of the e-mails received must be treated with the same security as a password notification e-mail. However, Dating Direct has an option to not include your login details in e-mails you receive.

The e-mail sent could contain a new, temporary password for the account or a URL that can be followed to enter a new password for that account. The new password or the URL often contains a randomly generated string of text that can only be obtained by reading that particular e-mail. This is a very common technique used by websites such as GMail and GenuinelyLooking.com.

Another method used is to send all or part of the original password in the email. Sending only a few characters of the password, a method employed by Friends Reunited, can help the user to remember their original password, without having to reveal the whole password to them.

Security problems

The main issue is that the contents of the password notification email can be easily discovered by anyone with access to the inbox of the account owner. This could be as a result of shoulder surfing or if the inbox itself is not password protected. The contents could then be used to compromise the security of the account. The user would therefore have the responsibility of either securely deleting the e-mail or ensuring that its contents are not revealed to anyone else. A partial solution to this problem, employed by websites such as Google Accounts, is to cause any links contained within the e-mail to expire after a period of time, making the e-mail useless if it is not used quickly after it is sent.
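The randomly generated URL string and the link expiry described above can be sketched as follows. This is an added example, not code from any of the websites named; the 15-minute lifetime, the in-memory store, the example.com host and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article gives no figure

# Constructed in-memory store: sha256(token) -> (account, expiry time).
# Only the hash is kept, so a leaked store does not reveal usable links.
_pending = {}

def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_reset_token(account, now=None):
    """Create the random string that goes into the e-mailed URL."""
    now = time.time() if now is None else now
    # A fresh request invalidates any earlier link for the same account.
    for old in [d for d, (acct, _) in _pending.items() if acct == account]:
        del _pending[old]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (account, now + TOKEN_TTL_SECONDS)
    return token

def reset_url(token):
    # example.com is a placeholder host, not a real service endpoint.
    return "https://example.com/reset?token=" + token

def redeem_reset_token(token, now=None):
    """Return the account for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    # pop() makes the link single use: a second visit finds nothing.
    record = _pending.pop(_digest(token), None)
    if record is None:
        return None
    account, expires_at = record
    if now >= expires_at:
        return None  # an old e-mail left in the inbox is now useless
    return account

if __name__ == "__main__":
    t = issue_reset_token("alice")
    print(reset_url(t))
    print(redeem_reset_token(t))  # account name on first use
    print(redeem_reset_token(t))  # None on reuse
```
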

One problem with sending the original password in the e-mail is that the password contained within could be used to access other accounts used by the user, if that user had chosen to use the same password for two or more accounts.

E-mails are often not secure, so unless the e-mail was encrypted before being sent, its contents could be read by anyone who eavesdrops on it.


Wikimedia Foundation. 2010.
