In the last solution, I was happy to explain just how great human beings are in comparison to computers. Unfortunately, though, we have a tendency to age out important information such as the password we need to log into a site. A feature that allows users to retrieve forgotten passwords is an essential time saver. Overlook this, and you can expect to waste a lot of time changing passwords for people who have forgotten them.

If you encrypt the passwords in your database, you'll need a mechanism that generates a new password that, preferably, is easy to remember. If you're storing passwords as-is, without encryption, it's probably acceptable simply to send the password to the user's registered email address. Using an email address that you've already confirmed as valid is more reliable than the "Secret Question" approach. This common tactic asks users simple questions to refresh their memories, such as, "Where were you born?" and "What's your date of birth?" Just ask yourself how many organizations, both on and offline, you've given that information to. Some online applications, such as forums, even make your birthday available for all to see, should you provide it. Details like this may well be common knowledge.
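A sketch of the reset mechanism described above, for the case where the stored password cannot be read back. This is an added example, not code from the original text; it assumes the stored form is a salted PBKDF2 hash, and the function names, syllable alphabet and user record are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: consonant+vowel syllables are easy to read and retype.
CONSONANTS = "bdfghjkmnprstvz"
VOWELS = "aeiou"


def memorable_password(syllables=5, digits=3):
    """Build a pronounceable password from the OS CSPRNG (word-digits)."""
    word = "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        for _ in range(syllables)
    )
    number = "".join(secrets.choice("0123456789") for _ in range(digits))
    return f"{word}-{number}"


def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def reset_password(users, username):
    """Overwrite the stored hash; return (confirmed email, new password)."""
    user = users[username]
    new_password = memorable_password()
    user["salt"], user["digest"] = hash_password(new_password)
    return user["email"], new_password


if __name__ == "__main__":
    # Constructed sample record; the address stands for one already confirmed.
    users = {"alice": {"email": "alice@example.com", "salt": b"", "digest": b""}}
    email, temp = reset_password(users, "alice")
    print(f"mail to {email}: your new password is {temp}")
```

The new password is sent only to the address already on file, never to one supplied with the reset request.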