Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

REQ.126 Set password restoring mechanism

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining a mechanism to securely retrieve or restore users passwords.


The system must provide a mechanism to retrieve or restore users password.


  1. OWASP-ASVS v3.1-2.8 Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).

Service status - Terms of Use