Hello Code Project Fellows,
Happy New Year to All.
Guys, in my last interview I was asked to explain the logic of a Forgot Password page.
I simply explained to them that:
1. I'd be taking a security question and its answer from the user while registering an account.
2. When a user clicks on Forgot Password, I'd simply be asking him for the answer to the security question, and after he answers the security question perfectly, I'd be sending the user the password by retrieving it from the database.
Now, after this answer, the interviewer asked me: since you are going to send the password to the personal email account of the registered user, it's already secure.
So what's the need for this security question logic? Because even if anyone other than the original user requests the password, the password is still going to the member's personal email account, which no one can access other than the original user.
Now for this question I didn't have any good strong answer.
So I request that anyone of you please answer me: what should be the perfect answer for it?
Thanks in advance.