Week 5 - Password Management and Security

This week, I focused on creating a secure and user-friendly password management system. By introducing password recovery, token-based verification, and improving the login and registration experience, I enhanced the platform’s security and usability.

Day 24: Adding a Forgot Password Feature

Forgetting a password is common, so I added a "Forgot Password" option on the login page. When users request a password reset, they receive an email with a secure link that lets them reset their password. This process is made secure by using a tool called itsdangerous, which creates unique, temporary tokens to validate each password reset request.

- How It Works: When a user requests a reset, the app generates a unique token tied to their email and sends it as part of a reset link. This token acts like a “one-time pass” to ensure only the owner of the email can reset the password.

- User Benefit: With this feature, users can reset their passwords safely, without worrying about unauthorized access.

Day 25: Creating a Reset Password Page with Token Verification

After receiving the reset link, users are directed to a page where they can enter a new password. The app verifies the link’s token to ensure it hasn’t expired. If valid, users enter a new password that’s securely updated in the system. This flow maintains both convenience and security.

- Token Security: Tokens have a time limit to prevent misuse. If the link expires, the user can simply request a new one.

- User Benefit: By allowing secure password updates, this feature provides a seamless experience for users to regain access to their accounts.

Day 26: Refining the Login, Registration, and Password Recovery Templates

To ensure a pleasant user experience, I polished the login, registration, and password recovery pages. Using Bootstrap (a popular CSS framework), I made the templates look clean, professional, and responsive for mobile users. This also ensures that users find navigation intuitive and consistent across devices.

- Design Improvements: Updated styles make each page visually appealing and easy to use. Links, buttons, and messages are clearly highlighted, guiding users through each step.

- User Benefit: An easy-to-navigate, visually appealing design helps users feel confident and supported throughout the process.

Conclusion

This week’s updates prioritize security and ease of use. The new password management features allow users to handle account recovery independently, while secure token verification ensures that only authorized users can reset their passwords.

Technologies Used

- Flask - for managing routing and handling password requests.

- itsdangerous - for generating secure tokens that validate reset links.

- smtplib - for sending reset emails.

- HTML/CSS and Bootstrap - to design clean, responsive pages.

Learning Spotlight

Tokens: In web security, tokens are unique codes that validate specific actions, such as password resets. They’re usually time-limited and provide an extra layer of protection, ensuring only the authorized user can perform certain tasks.