When my user forgets their password, I ask them for an email so I can send them the reset password link.
Right now I have embedded the link into the button, and that link doesn't have any expiration time on it. But if they re-submit an email again, then I regenerate the link and override the old one.
- Is what I have right now secure enough?
- Should I make that reset password link expire after a certain period of time?
- If so, what is the best practice to handle this?
Any tips / suggestions will be much appreciated.
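
The scheme described in the question, extended with an expiry and single-use redemption, as an added example that is not part of the original post. The `ResetTokenStore` class, the in-memory dictionary standing in for a database table, and the 30-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60  # assumed lifetime; set it to match your own policy


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a table keyed by user email."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._rows = {}      # email -> (sha256 hex of token, expiry timestamp)
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested

    def issue(self, email):
        """Create a token for the emailed link; a new request overrides the old one."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table does not yield usable links.
        self._rows[email] = (digest, self._clock() + self._ttl)
        return token

    def redeem(self, email, token):
        """Return True exactly once for a matching, unexpired token."""
        row = self._rows.get(email)
        if row is None:
            return False
        digest, expires_at = row
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, presented):  # constant-time compare
            return False
        # Matching token: remove it whether it is still valid or already expired,
        # so it can never be used a second time.
        del self._rows[email]
        return self._clock() < expires_at
```

The password change itself should happen only after `redeem` returns `True`, in the same request, so the token cannot be replayed between the check and the update.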