"Timwi"
Tim Starling wrote:
I've just implemented a per-user limit on password reminder emails. By default, 24 hours must elapse from one password reminder to the next. I figure if you've just been sent one password reminder, you don't need another one, assuming your mail was working.
And there you've already highlighted a grave problem with your approach. Suppose you didn't receive the mail (for whatever reasons). Then what?
You will likely press 'send password' again, but the second one probably won't arrive either. Or maybe it's just the first one that is arriving too slowly, so the second one (the first one won't work then) will take a while too. Telling them "We really sent you a message, please wait" is probably OK. However, I don't mind setting the limit lower.