http://blogs.msdn.com/b/dtjones/archive/2011/06/06/forgot-your-password.aspxI’ve seen three basic patterns for handling forgotten web site passwords: Send a change password link to the email address on file Ask one or more challenge questions (or personal information) to unlock the change password screen Send the password, inen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/dtjones/archive/2011/06/06/forgot-your-password.aspx#10171925Tue, 07 Jun 2011 04:39:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:10171925Henry Boehlert<p>Look at the options frameworks such as the ASP.NET membership provider offer to somebody not wanting to spend too much time on implementing authentication.</p> <p>It&#39;ll come down to salted hashed passwords and randomly generated (initial) passwords sent by email.</p> <p>AFAIK with ASP.NET, change password links are more effort.</p> <p>Anyway, we&#39;ll all go OAuth or Facebook, sooner or later.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10171925" width="1" height="1">