Are there plans for any password recovery options? As of now, it appears that backendless generates a new password (which is pretty cool). However, during my registration/login process, I’m only storing hashed versions of the users’ passwords. It would be difficult for me to know if a particular user’s password is unencrypted due to a new temporary one created.
What you describe sounds perfect, except, that’s not what I see occurring. I am using the UserService.restorePassword() service, and the user does get an email. A link to update their password isn’t in that email, and instead, it gives them a new password.
Here’s a sample of one of the password recovery emails:
Hello email, You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account with the “eFitware” application. If you did not request this notification then please ignore it. Your new password is: 5lYfSphW Sincerely, eFitware Development Team
And, knowing that you’re already hashing passwords, I guess it’d be redundant for me to do so also. So I probably remove the encryption on my end, which would solve my problem. Nevertheless, I guess there’s still the issue of the emails giving new passwords instead of a link for resetting them.
Let me investigate it further and I will report back.
We provide the API which your app can use to offer password recovery to your users. The doc is here: http://backendless.com/documentation/users/flex/as_password_recovery.htm
The way it works is when you call the following method:
Backendless.UserService.restorePassword( userIdentity )
Backendless sends an email to the user with a link where they can change their password.
Additionally, you as a developer can change user’s password using the console. In that case, you enter the password in a readable format and we store a hash of it, so the passwords are never stored in clear text.
Does this answer your question?
What news about link to change pswd by user? Because email is still without link:
You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account with the “” application. If you did not request this notification then please ignore it.
Your new password is: 123123