How do you design a "forget password" feature for mobile apps? It is trickier than for websites if you are a very small team.
Here are the options. Each has its limitations.
1. Send a password reset link to the user’s email inbox and let them click it to return to your UI to reset the password. Unfortunately, this link is an HTTP URL, which means you need an HTML page for that UI. As a result, you have to host a small HTML5 website for the password reset UI, in addition to the Android/iOS application you’ve spent a lot of time building. Another problem is that mail sent by your system could be treated as spam.
2. Send a random code via SMS to the user, with which they can reset the password in your Android/iOS UI. This is a clean, lightweight solution from the users’ point of view, and there are no spam issues. However, your users have to be registered with their mobile phone numbers in the first place, which a lot of people may not want to do.
3. Only allow the user to log in with an OpenID such as a Google account or Facebook account. By doing this you throw away all the password management problems and can focus on your business. However, there are cases where a few users don’t have an OpenID.
P.S. My friend said there was a 4th option. I think it is great: send the user a random password and force him to reset the password after logging in.
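The random code in option 2 only protects the account if the server generates it from a CSPRNG, stores a keyed hash instead of the code, and enforces expiry, an attempt limit and single use. The following is an added example, not code from the original post; `ResetCodeStore`, the 6-digit length, the 10-minute lifetime, the 5-attempt limit and the in-memory dictionary are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumption: a code is valid for 10 minutes
MAX_ATTEMPTS = 5         # assumption: guesses allowed before the code is void


class ResetCodeStore:
    """Hypothetical in-memory stand-in for a server-side table keyed by phone number."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side HMAC key
        self._pending = {}                    # phone -> [digest, expires_at, attempts_left]

    def _digest(self, phone, code):
        # Keep only a keyed hash bound to the phone number, never the code itself.
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, phone):
        """Create a 6-digit code from the CSPRNG; a new code replaces any old one."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = [self._digest(phone, code),
                                self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code   # hand this to the SMS gateway; do not log it

    def verify(self, phone, code):
        """Return True once for the right code; expired or over-guessed codes are dropped."""
        entry = self._pending.get(phone)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(phone, code)):
            del self._pending[phone]          # single use
            return True
        if entry[2] == 0:
            del self._pending[phone]          # too many wrong guesses
        return False
```

With a 6-digit code and 5 attempts, a blind guesser succeeds with probability 5 in 1,000,000 per issued code, so the issuing endpoint also needs its own rate limit per phone number.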