I am wondering how it is safer to reset the password and e-mail a user a lin back to the site than to mail a new (temp) password. If mail is intercepted, than both ways will have the same risk in my opinion? Or am I missing something?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1688/1203#1203