Password Recovery options

devin-holloway · October 2, 2013, 9:40pm

Are there plans for any password recovery options? As of now, it appears that backendless generates a new password (which is pretty cool). However, during my registration/login process, I’m only storing hashed versions of the users’ passwords. It would be difficult for me to know if a particular user’s password is unencrypted due to a new temporary one created.

devin-holloway · October 2, 2013, 10:52pm

What you describe sounds perfect, except, that’s not what I see occurring. I am using the UserService.restorePassword() service, and the user does get an email. A link to update their password isn’t in that email, and instead, it gives them a new password.

Here’s a sample of one of the password recovery emails:

Hello email, You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account with the “eFitware” application. If you did not request this notification then please ignore it. Your new password is: 5lYfSphW Sincerely, eFitware Development Team

devin-holloway · October 2, 2013, 11:01pm

And, knowing that you’re already hashing passwords, I guess it’d be redundant for me to do so also. So I probably remove the encryption on my end, which would solve my problem. Nevertheless, I guess there’s still the issue of the emails giving new passwords instead of a link for resetting them.

mark-piller · October 2, 2013, 11:14pm

Let me investigate it further and I will report back.

mark-piller · October 2, 2013, 10:36pm

Hi Devin,

We provide the API which your app can use to offer password recovery to your users. The doc is here: http://backendless.com/documentation/users/flex/as_password_recovery.htm

The way it works is when you call the following method:

Backendless.UserService.restorePassword( userIdentity )

Backendless sends an email to the user with a link where they can change their password.

Additionally, you as a developer can change user’s password using the console. In that case, you enter the password in a readable format and we store a hash of it, so the passwords are never stored in clear text.

Does this answer your question?

Regards,Mark

aleks-p · June 16, 2016, 8:23pm

What news about link to change pswd by user? Because email is still without link:
You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account with the “” application. If you did not request this notification then please ignore it.
Your new password is: 123123