If people can get into their forum accounts, then it should be possible to recover their LS information, which is the issue I see posted about here 99% of the time (can log into forum account, but not LS accounts).
My suggestion would be to setup a new field that stores registration email address from the forums also into a registration email address for the Login Server. The forum email address can be changed by logging into the forums, but the LS email address can't be changed (or at least not without logging in with an LS account password). Then, let them have an option to send a password recovery email to their LS email address, which should have to be owned by the correct person.
Unfortunately, that won't work for people who no longer have the same email address, but it should work in a good number of the cases. I can't really think of any other way to make password recovery retro-active and secure without doing a mass email that requires every member to set a security question (which just causes emails to get tagged as spam). A less secure option would be to just give forum accounts access to do a LS password recovery based on that they authenticated into the forums.
|