2
votes

I'm using the Devise gem for user authentication for a web service that allows people to register their details for a paid service that is not internet related.

The problem that I have is that some people don't have emails (only a handful), and for the ones that do have emails, it is generally a corporate email that is blocking/deleting the emails sent by the ROR app.

So to get around the email issues I want to implement a system that allows people to reset their passwords without having to click on the reset token that is sent in the password reset email. My initial thought is to implement this recommended solution: http://www.fishnetsecurity.com/Resource_/PageResource/White_Papers/FishNetSecurity_SecureForgotPassword.pdf

This question basically asked the same question: "Rails 3.0 Devise reset Password by answering a question" (but there is no real answer).

I guess that I need to override the Devise Password controller to ask the user a set of security questions which the user answered when they first registered. If they answer correctly then the user is allowed to reset their password.

Anyone have a better solution?

Thanks


1 Answer

0
votes

You could use a before_filter just as you currently have (in ApplicationController):

before_filter :authenticate_user!

You could add:

before_filter :authenticate_user!
before_filter :security_question_answered!

And then in SecurityQuestionsController:

skip_before_filter :security_question_answered!
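
An added example, not part of the answer above and not Devise's own code: one way to implement the check that a filter such as `security_question_answered!` would call, in plain Ruby. The class name, method names, iteration count and lockout threshold are assumptions; answers are stored as salted PBKDF2 digests, compared in constant time, and repeated wrong guesses lock the verifier.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper, not part of Devise: one instance per user.
class SecurityAnswerVerifier
  ITERATIONS   = 100_000 # assumed PBKDF2 work factor
  MAX_FAILURES = 5       # assumed lockout threshold
  Record = Struct.new(:salt, :digest)

  def initialize
    @records  = {} # question id => Record (a database table in a real app)
    @failures = 0
  end

  # Case- and whitespace-insensitive, so "  Fluffy " matches "fluffy".
  def self.normalize(answer)
    answer.to_s.downcase.strip.squeeze(" ")
  end

  # Store only a salted digest, never the plaintext answer.
  def enroll(question_id, answer)
    salt = SecureRandom.random_bytes(16)
    @records[question_id] = Record.new(salt, derive(answer, salt))
  end

  def locked?
    @failures >= MAX_FAILURES
  end

  # True only if every enrolled question is answered correctly.
  def verify(answers)
    return false if locked? || @records.empty?
    # map (not all? with a block) so every answer is checked, no early exit
    ok = @records.map { |qid, rec| same?(derive(answers[qid], rec.salt), rec.digest) }.all?
    @failures = ok ? 0 : @failures + 1
    ok
  end

  private
  def derive(answer, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(self.class.normalize(answer), salt, ITERATIONS,
                               32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison of two equal-length digests.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails app the failure counter and records would live on the user model, so the lockout survives across requests.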