Skip to main content

Set a password regeneration mechanism

Summary​

The system must provide a secure mechanism to regenerate a user's password.

Description​

Passwords are identity assertion elements that can be easily lost or forgotten. Additionally, they can be leaked as a result of a user's actions or a breach in the system. Thus, systems should have a secure mechanism that allows users to generate a new password in either of these scenarios. Furthermore, none of these mechanisms should send a recovery secret in plain text nor should they reveal the current password.

Supported In​

This requirement is verified in following services:

PlanSupported
Machine🔴
Squad🟢
One-Shot🟢

References​