Skip to main content

Establish safe recovery


The system must guarantee that the person performing the password recovery or reset process is actually the owner.


Systems must have mechanisms that enable users to update and recover their passwords while guaranteeing the authenticity of the request. In the case of a password update, the system must request both the new and the old passwords. If the user wants to recover a lost or forgotten password, the system must ascertain the user's ownership of the corresponding account.