- Generate string with the following data members: UserId, UserName, ExpirationDateTime
- Encrypt the string using a FIPS compliant algorithm (e.g. SHA512).
- Store encrypted string in the database, user table.
- Email encrypted string to the user requesting password reset.
- Upon clicking the encrypted string, a secure URL request will be sent to the server.
- The encrypted string will be decrypted and verified against the database value (UserId, UserName, ExpirationDateTime not yet passed).
- Optional: After the user successfully resets their password, the encrypted string is purged from the database.
Thank you and goodnight.
-Best Practices Team