Posted over 1 year ago. Visible to the public.
Best Practice: Creating User Accounts Without Sending the Password
In applications without a sign-up, user accounts are usually created by an admin. This imposes two challenges:
- How to transmit the password securely and
- How to make the user change the initial password immediately
There is a simple solution: create the account with a secret password, then ask the user to use the password reset with his user name.