I am a new subscriber when I watched this VDO
I have a question. We are modifying the OTP when clicking on reset password, but what if another user clicks on reset password after we did? Will it change to a new random code for the first user? Or will it stay the same? Like, is the OTP const static/global?
You are modifying OTP using useState hook. So wouldn't it be accessible from developers window? It could be seen by the user easily.
Thanks for the video. I had a question about if you're using a database. How would it know what user is trying to update their password once they get their OTP code?
U can use the identifier and email in your table. And put a variable with a token like a session, but not a session, which verifies what user is changing his pass. Sorry for my English.
very useful tutorial.. thanks a lot man
When I type email on the Login page, context is changing which is causing a full rerender and I can't type a full email - only letter per render.
i can help you if you send me the code
Thanks a lot, you really helped me ❤️
Thanks a lot! Very useful video! 💯👍
Thank you very much, my absolute pleasure.
Awesome video my friend, thank you.
My absolute pleasure, feel free to suggest more videos.
Thank you!
Thanks man that was really helpful ❤❤❤❤
My pleasure, glad to be of assistance.
Thanks for this very useful video! Could you show how to realize sign in with google? It will be very interesting.
Absolutely, that's one of the videos I plan on doing. Subscribe to the channel so you don't miss out on that.
Error: Invalid login: 535-5.7.8 Username and Password not accepted. This is the error which I am receiving at the time of clicking the button of forget button
Can you plz build a website with login,register and forgot password functionality with both frontend and backend and can also sign up and sign in with GOOGLE AND GITHUB. . PLZ 🙏
Yes, one of the applications I plan on building is a simple social media application and it will include all these features or functionalities.
This is not an effective way to solve the issue. You should send a brand new link to the user's email, and on clicking it a brand new page will appear asking for a new password. The link should have some validity time, say one hour.
Can I unlock my Oneplus 8 pro screen lock of 6 digit pin without losing my data? Pls reply
replied
can u share github link for this project please
Check the description box
Thanks sir ❤❤
Sure thing, anytime
Always provide a readme for your repos.
I'm concerned about security here. Since we are entering a 4 digit code to reset a password, a brute force attack can reset any password in a short time.
Yes, that's a great point. What I would suggest as a further improvement to this would be to give the password a timeline, say 4 minutes, and then once the 4 minutes has elapsed, the 4 digit code expires. You can also limit the number of tries.
@koding_101 Yes, but brute forcing a 4 digit code takes seconds. Increasing the code length and adding characters would fix the issue, even though it impacts the user experience in a negative way. I would prefer a reset link that's being sent to the email.
Good on you for noticing this important cybersecurity point.
You know what, I just did a bit of research on it and you are exactly right. Most professionals do however recommend a 6 digit code, because a 6 digit pin has 1 million combinations which is not practical to bruteforce, and I've actually noticed that being a trend in many major corporations.
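The points raised in this thread and in the earlier questions (one code per account kept on the server rather than a shared or client-side value, a 6-digit code, a 4-minute expiry, a limit on tries), as an added example that is not the video's or any commenter's code. `issueOtp`, `verifyOtp`, `otpStore`, the 5-attempt limit, the per-process HMAC key and the in-memory Map standing in for a database table are all assumptions made for illustration.

```javascript
// Added example: server-side OTP handling. The Map stands in for a database table.
const crypto = require("node:crypto");

const OTP_TTL_MS = 4 * 60 * 1000; // 4-minute lifetime, as suggested in the thread
const MAX_ATTEMPTS = 5;           // assumed value; the thread only says to limit tries
const SERVER_KEY = crypto.randomBytes(32); // per-process HMAC key (assumption)
const otpStore = new Map();       // email -> { mac, expiresAt, attemptsLeft }

// Keyed hash bound to the account, so a stored value is useless for another user.
function otpMac(email, code) {
  return crypto.createHmac("sha256", SERVER_KEY).update(`${email}:${code}`).digest();
}

// Each request creates or replaces only the requesting account's record.
function issueOtp(email, now = Date.now()) {
  const code = crypto.randomInt(0, 1000000).toString().padStart(6, "0");
  otpStore.set(email, {
    mac: otpMac(email, code),
    expiresAt: now + OTP_TTL_MS,
    attemptsLeft: MAX_ATTEMPTS,
  });
  return code; // goes into the e-mail body only, never into an HTTP response
}

// Returns "ok", "wrong", "locked", "expired" or "no_code".
function verifyOtp(email, submitted, now = Date.now()) {
  const rec = otpStore.get(email);
  if (!rec) return "no_code";
  if (now > rec.expiresAt) {
    otpStore.delete(email);
    return "expired";
  }
  const match = crypto.timingSafeEqual(rec.mac, otpMac(email, String(submitted)));
  if (!match) {
    rec.attemptsLeft -= 1;
    if (rec.attemptsLeft === 0) {
      otpStore.delete(email); // further guesses need a freshly e-mailed code
      return "locked";
    }
    return "wrong";
  }
  otpStore.delete(email); // single use
  return "ok";
}
```

With the attempt limit in place, the size of the code space matters far less than it does for an unlimited guesser: five tries against a 6-digit code succeed with probability 5 in 1,000,000 per issued code.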
i started watching this video of yours th-cam.com/video/MJhsVDpYzQs/w-d-xo.html then came here and then everything is so different. can you make a playlist that started from the beginning to this? because it's so confusing
I understand your confusion and I apologize for that. I will do my best to help you navigate through the different videos and make it easier for you to follow along.
I recommend starting with the video that you mentioned, which is a good introduction to automatically sending emails with JavaScript. From there, you can check out my playlist on TH-cam with the link below where I have organized my videos in a logical sequence.
bit.ly/3Z4LUPP
Bruhh. Please anyone. Don't follow this tutorial. This is a security nightmare.
a video that could be shortened to 2 mins -- of useful information -- talking tooooo much
you talk way too much
Thank you