Section
1.2.4
Top Level
Sub Level
General
The site should provide a mechanism for users to reset a lost password. This mechanism should also employ a lockout feature to prevent brute-force attacks against it.
Django
Django's included contrib.auth application provides a set of views for resetting a forgotten password using a single-use token sent in an e-mail to the user. See the documented password_reset views.
Natural Webagent
This is handled automatically when using EID authentication.
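
The lockout called for under General, combined with a single-use, expiring reset token, shown as an added example; it is not code from this page or from Django's contrib.auth. The class name, the thresholds and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5          # assumed policy: failed redemptions allowed per window
WINDOW_SECONDS = 15 * 60  # assumed policy: counting window, also the lockout length
TOKEN_TTL = 60 * 60       # assumed policy: lifetime of a reset token


class ResetService:
    """In-memory sketch; a real site keeps this state in its database or cache."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tokens = {}    # account -> (sha256 hex of token, expiry time)
        self.failures = {}  # account -> timestamps of recent failed redemptions

    def issue(self, account):
        """Create the token to e-mail; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[account] = (digest, self.clock() + TOKEN_TTL)
        return token

    def locked(self, account):
        """True while the account has too many failures inside the window."""
        now = self.clock()
        recent = [t for t in self.failures.get(account, []) if now - t < WINDOW_SECONDS]
        self.failures[account] = recent
        return len(recent) >= MAX_FAILURES

    def redeem(self, account, token):
        """Return 'ok', 'invalid' or 'locked'; a valid token works exactly once."""
        if self.locked(account):
            return "locked"  # checked first, so guessing gains nothing during lockout
        digest, expiry = self.tokens.get(account, ("", 0))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if self.clock() < expiry and hmac.compare_digest(digest, supplied):
            del self.tokens[account]  # single use: the token is gone after success
            self.failures.pop(account, None)
            return "ok"
        self.failures.setdefault(account, []).append(self.clock())
        return "invalid"
```

Because the lockout is keyed on the account, repeated bad guesses also delay the legitimate user's reset until the window passes; keying additionally on the client address is a common refinement.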