David Newton wrote:How can they log in without a password?
David same thing currently implemented so many live application. When user registered first time it is automatically login to the application. And random generated password send to the user in mail. If user want to change his/her password first he/she has to entered random generated password.
OR
Mail contains link which doesn't required authentication and just click on link application registered session and user login to application. Now this mail also contains random generated password.
If user want to change his/her password first he/she has to entered random generated password. .. Something like that...