i want to decrease complexity of password for recovery password asp.net.for example if a user do the recovery, it send a random password only with numbers. not with complex characters! and my second question is that can recovery password send old user password to his/her email again or not? thank you
I would recommend setting it up so you DON't sent new passwords over mail to the user. Instead send a link to a generated URL that is valid for a specific time from which the user can set a new password. This way you get around a lot of security issues with sending passwords to users in their mail.