Continuing on with building a simple and restful user authentication system is allowing your users to recover their accounts. Account recovery is necessary as user’s have a knack for forgetting their passwords. Often, I come across account recovery methods that are crufty or insecure. Such does not need to be the case, especially with Ruby on Rails.

In this tutorial, you will use symmetric encryption to make secure forgotten password links that stop functioning after use. You will also use ActionMailer to email the link to the user’s address of record. Read the rest of this entry »