I see some sites when registering a new user only gather username, password and first name (maybe date of birth) as the data and yet they still have the feature of “reset password”, so I’m wondering how do these sites do it without more data about the user?, I’m guessing they send some link to the user email to reset the password although I’m not sure if that would be the best way to do this.
I remember a few years ago almost every website asked you a few security questions (or just 1 depending on the site security level) in case the user forget their password in the future, I know banks still do and probably others site as well. I would like to implement this feature in a project I’m working on and I’m wondering if this should be the way to go about this.