Answer the question
In order to leave comments, you need to log in
Do I need to encrypt the password reset token using email?
Do I need to encrypt the password reset token that is sent with the email to the user?
If yes, then why?
Answer the question
In order to leave comments, you need to log in
Build a model of the intruder. Without details about your system, I'll say no. If the employee's mailbox can be accessed from the open internet, then maybe.
There is no need for this, it is enough to make the token one-time, long enough and with a short lifetime.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question