SKILL-059 Authentication and account lifecycle

Password reset

01

What this skill helps you build

A secure forgot-password flow built on a hashed, single-use, short-lived token — and the responses and session cleanup that keep it from leaking accounts.

The production takeaway

The reset link is a bearer credential: store only its hash, let it be used once, expire it fast, and invalidate every session when the password changes.
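The four properties in that takeaway, as an added example (not code from this skill). `ResetStore`, the in-memory dicts standing in for database tables, SHA-256 as the token hash, and the 15-minute `TOKEN_TTL` are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed value, the page only says "expire it fast"


def _digest(token: str) -> str:
    # The token is already high-entropy, so a fast hash is enough here.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """Hypothetical in-memory stand-in for the token, session and user tables."""

    def __init__(self):
        self.tokens = {}     # sha256(token) -> {"user", "expires", "used"}
        self.sessions = {}   # session id -> user
        self.passwords = {}  # user -> password hash (hashing is out of scope)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self.tokens[_digest(token)] = {
            "user": user, "expires": now + TOKEN_TTL, "used": False,
        }
        return token  # goes into the emailed link only; never stored or logged

    def redeem(self, token, new_password_hash, now=None):
        now = time.time() if now is None else now
        rec = self.tokens.get(_digest(token))
        # Unknown, already-used and expired tokens all get the same answer.
        if rec is None or rec["used"] or now >= rec["expires"]:
            return False
        # Single use. Against a real database this must be one atomic
        # conditional update so two concurrent requests cannot both succeed.
        rec["used"] = True
        user = rec["user"]
        self.passwords[user] = new_password_hash
        # Invalidate every session for the account, not only the current one.
        self.sessions = {s: u for s, u in self.sessions.items() if u != user}
        return True
```

A read of the token table yields only digests, which cannot be turned back into a working reset link.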

02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

What this helps you build

A self-service password reset flow: a user who has forgotten their password requests a reset by email, clicks a one-time link, and sets a new password — without ever talking to sup

When to use this

Use this any time users authenticate with a password they can forget — which is almost every app with email/password login. Concretely, you need it when you have: A password-based

The core idea

A password reset is a short-lived bearer credential delivered out-of-band. You generate a high-entropy random token, email the user a link containing it, and store only a hash of
