A username and password combination is a commonly used means through which the identity of a user of a computer application can be established with reasonable certainty. Because most users have multiple username and password combinations and may use certain applications infrequently, many users have a frequent need to recover or reset passwords. An effective and secure means to recover lost or forgotten passwords is necessary in many computer applications.
Any successful means through which a user can recover a password, must overcome numerous challenges. First, the security and integrity of the application, and the data residing on any server that may be accessed, must be protected. This is especially true when the password to be recovered can provide access to sensitive information such as medical records, financial records, trade secrets, or permissions to alter such data. Second, any means by which a new password is supplied to a user must ensure the user is the intended recipient of the new password. Finally, any means through which a user can recover a password should require a sufficient degree of authentication.