diff --git a/server/session.go b/server/session.go
index 077b63034728cbf68999b8efa726a1f827b4054a..d7c537805ee9fb59c50968ba13a12635809dbbf8 100644
--- a/server/session.go
+++ b/server/session.go
@@ -987,7 +987,7 @@ func (s *Session) authSecretReset(params []byte) error {
 		return types.ErrMalformed
 	}
 
-	// Technically we don't need to check it here, but we are going to mail the 'authName' string to the user.
+	// Technically we don't need to check it here, but we are going to mail the 'authScheme' string to the user.
 	// We have to make sure it does not contain any exploits. This is the simplest check.
 	auther := store.Store.GetLogicalAuthHandler(authScheme)
 	if auther == nil {
@@ -1010,8 +1010,12 @@ func (s *Session) authSecretReset(params []byte) error {
 	if err != nil {
 		return err
 	}
+	tempScheme, err := validator.TempAuthScheme()
+	if err != nil {
+		return err
+	}
 
-	code, _, err := store.Store.GetLogicalAuthHandler("code").GenSecret(&auth.Rec{
+	code, _, err := store.Store.GetLogicalAuthHandler(tempScheme).GenSecret(&auth.Rec{
 		Uid:        uid,
 		AuthLevel:  auth.LevelAuth,
 		Features:   auth.FeatureNoLogin,
diff --git a/server/validate/email/validate.go b/server/validate/email/validate.go
index 1bb8979cf7a8121f0c9c718e476d8183b895ef12..ab8c4c6b02bd88017495cfbdda1081177f86df3e 100644
--- a/server/validate/email/validate.go
+++ b/server/validate/email/validate.go
@@ -390,6 +390,11 @@ func (v *validator) Remove(user t.Uid, value string) error {
 	return store.Users.DelCred(user, validatorName, value)
 }
 
+// TempAuthScheme returns a temporary authentication method used by this validator.
+func (v *validator) TempAuthScheme() (string, error) {
+	return "token", nil
+}
+
 // SendMail replacement
 func (v *validator) sendMail(rcpt []string, msg []byte) error {
 
diff --git a/server/validate/tel/validate.go b/server/validate/tel/validate.go
index 00eb603961bf95a91bf92e74a21d18fe75744afb..de12ba97c8fa38125ee9dcef001b0270a27b8d39 100644
--- a/server/validate/tel/validate.go
+++ b/server/validate/tel/validate.go
@@ -248,6 +248,11 @@ func (*validator) Remove(user t.Uid, value string) error {
 	return store.Users.DelCred(user, validatorName, value)
 }
 
+// TempAuthScheme returns a temporary authentication method used by this validator.
+func (v *validator) TempAuthScheme() (string, error) {
+	return "code", nil
+}
+
 // Implement sending the SMS.
 func (*validator) send(to, body string) error {
 	logs.Info.Println("Send SMS, To:", to, "; Text:", body)
diff --git a/server/validate/validator.go b/server/validate/validator.go
index e2c7c89f3ab31020de87e18c738581150112acbc..3c5b72b0231c88397b6748d52de7d9ec2acbb7e1 100644
--- a/server/validate/validator.go
+++ b/server/validate/validator.go
@@ -26,7 +26,7 @@ type Validator interface {
 	// Returns normalized credential prefixed with an appropriate namespace prefix.
 	PreCheck(cred string, params map[string]interface{}) (string, error)
 
-	// Request sends a request for confirmation to the user. Returns true if it's a new credential,
+	// Request sends a request for validation to the user. Returns true if it's a new credential,
 	// false if it re-sent request for an existing unconfirmed credential.
 	//   user: UID of the user making the request.
 	//   cred: credential being validated, such as email or phone.
@@ -52,6 +52,10 @@ type Validator interface {
 
 	// Delete deletes user's record.
 	Delete(user t.Uid) error
+
+	// TempAuthScheme returns a temporary authentication method used by this validator.
+	// It should be either "code" or "token".
+	TempAuthScheme() (string, error)
 }
 
 func ValidateHostURL(origUrl string) (string, error) {