Establish safe recovery

Requirement

The system must guarantee that the person performing the password recovery or reset process is actually the owner of the account.

Description

Systems must have mechanisms that enable users to update and recover their passwords while guaranteeing the authenticity of the request. In the case of a password update, the system must request both the new and the old passwords. If the user wants to recover a lost or forgotten password, the system must ascertain the user's ownership of the corresponding account.
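One way to implement both flows, as an added example that is not part of the original requirement text: the update path checks the old password before accepting the new one, and the recovery path proves ownership with a single-use, expiring token delivered over a channel registered to the account. The `Accounts` class, the `RESET_TTL` value, the PBKDF2 parameters and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 900  # assumed token lifetime in seconds (15 minutes)

def _hash_pw(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumed parameter
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _digest(token):
    return hashlib.sha256(token.encode()).digest()

class Accounts:
    def __init__(self):
        self.users = {}   # username -> (salt, password hash)
        self.resets = {}  # username -> (SHA-256 of token, expiry time)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _hash_pw(password, salt))
        self.resets.pop(user, None)  # any password change voids pending tokens

    def verify(self, user, password):
        if user not in self.users:
            return False
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, _hash_pw(password, salt))

    def update_password(self, user, old, new):
        # Update: the request must carry the old password as well as the new one
        if not self.verify(user, old):
            return False
        self.register(user, new)
        return True

    def start_recovery(self, user, now=None):
        # The returned token goes only to the owner's registered channel;
        # the caller should answer identically for unknown users.
        if user not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[user] = (_digest(token), now + RESET_TTL)  # store hash only
        return token

    def finish_recovery(self, user, token, new, now=None):
        now = time.time() if now is None else now
        stored, expiry = self.resets.pop(user, (b"", 0))  # single use, even on failure
        ok = now < expiry and hmac.compare_digest(stored, _digest(token))
        if ok:
            self.register(user, new)
        return ok
```
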

References