F
F
Fengol2018-11-08 14:01:53
Information Security
Fengol, 2018-11-08 14:01:53

Do I need to encrypt the password reset token using email?

Do I need to encrypt the password reset token that is sent with the email to the user?
If yes, then why?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
S
Sergey, 2018-11-08
@feanor7

Build a model of the intruder. Without details about your system, I'll say no. If the employee's mailbox can be accessed from the open internet, then maybe.

V
Vladislav Klimanov, 2018-11-08
@ahmpro

There is no need for this, it is enough to make the token one-time, long enough and with a short lifetime.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question