Password Change Functionality
Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary for a well designed authentication mechanism for two reasons: ■ Periodic enforced password change mitigates the threat of password compromise by reducing the window in which a given password can be targeted in a guessing … Read more