diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/ConsoleUserChallengeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/ConsoleUserChallengeHandler.java
index 9d20a0a50..63c08b321 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/ConsoleUserChallengeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/ConsoleUserChallengeHandler.java
@@ -1,49 +1,11 @@
 package li.strolch.privilege.handler;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import li.strolch.privilege.base.PrivilegeException;
-import li.strolch.privilege.model.Usage;
 import li.strolch.privilege.model.internal.User;
-import li.strolch.privilege.model.internal.UserChallenge;
 
-public class ConsoleUserChallengeHandler implements UserChallengeHandler {
-
-	private static final Logger logger = LoggerFactory.getLogger(ConsoleUserChallengeHandler.class);
-
-	protected Map<User, UserChallenge> challenges;
+public class ConsoleUserChallengeHandler extends UserChallengeHandler {
 
 	@Override
-	public void initialize(Map<String, String> parameterMap) {
-		this.challenges = Collections.synchronizedMap(new HashMap<>());
-	}
-
-	@Override
-	public void initiateChallengeFor(Usage usage, User user) {
-		UserChallenge challenge = new UserChallenge(usage, user, UUID.randomUUID().toString());
-		this.challenges.put(user, challenge);
-		logger.info("Password reset challenge for " + user.getUsername() + " is: " + challenge.getChallenge());
-	}
-
-	@Override
-	public UserChallenge validateResponse(User user, String challenge) throws PrivilegeException {
-
-		UserChallenge userChallenge = this.challenges.remove(user);
-		if (userChallenge == null)
-			throw new PrivilegeException("No challenge exists for user " + user.getUsername());
-		if (!userChallenge.getUser().equals(user))
-			throw new PrivilegeException("UserChallenge invalid: Wrong user!");
-
-		if (!userChallenge.getChallenge().equals(challenge))
-			throw new PrivilegeException("Challenge is invalid!");
-
-		userChallenge.fulfilled();
-		return userChallenge;
+	public void sendChallengeToUser(User user, String challenge) {
+		logger.info("Password reset challenge for " + user.getUsername() + " is: " + challenge);
 	}
 }
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/MailUserChallengeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/MailUserChallengeHandler.java
new file mode 100644
index 000000000..0d0a8e35a
--- /dev/null
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/MailUserChallengeHandler.java
@@ -0,0 +1,33 @@
+package li.strolch.privilege.handler;
+
+import java.text.MessageFormat;
+
+import li.strolch.privilege.model.internal.User;
+import li.strolch.utils.SmtpMailer;
+import li.strolch.utils.helper.StringHelper;
+
+public class MailUserChallengeHandler extends UserChallengeHandler {
+
+	private static final String EMAIL = "email";
+
+	@Override
+	public void sendChallengeToUser(User user, String challenge) {
+
+		String subject = "Mail TAN";
+
+		StringBuilder sb = new StringBuilder();
+		sb.append("Hello ").append(user.getFirstname()).append(" ").append(user.getLastname()).append("\n\n");
+		sb.append("You have requested an action which requires you to respond to a challenge.\n\n");
+		sb.append("Please use the following code to response to the challenge:\n\n");
+		sb.append(challenge);
+
+		String text = sb.toString();
+		String recipient = user.getProperty(EMAIL);
+		if (StringHelper.isEmpty(recipient)) {
+			String msg = "User {0} has no property {1}";
+			throw new RuntimeException(MessageFormat.format(msg, user.getUsername(), EMAIL));
+		}
+
+		SmtpMailer.getInstance().sendMail(subject, text, recipient);
+	}
+}
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/UserChallengeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/UserChallengeHandler.java
index 333ccf46a..dcbd4d971 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/UserChallengeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/UserChallengeHandler.java
@@ -1,13 +1,23 @@
 package li.strolch.privilege.handler;
 
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import li.strolch.privilege.base.PrivilegeException;
 import li.strolch.privilege.model.Usage;
 import li.strolch.privilege.model.internal.User;
 import li.strolch.privilege.model.internal.UserChallenge;
+import li.strolch.utils.CodeGenerator;
 
-public interface UserChallengeHandler {
+public abstract class UserChallengeHandler {
+
+	protected static final Logger logger = LoggerFactory.getLogger(ConsoleUserChallengeHandler.class);
+
+	protected Map<User, UserChallenge> challenges;
 
 	/**
 	 * Initialize the concrete {@link UserChallengeHandler}. The passed parameter map contains any configuration the
@@ -16,7 +26,9 @@ public interface UserChallengeHandler {
 	 * @param parameterMap
 	 *            a map containing configuration properties
 	 */
-	public void initialize(Map<String, String> parameterMap);
+	public void initialize(Map<String, String> parameterMap) {
+		this.challenges = Collections.synchronizedMap(new HashMap<>());
+	}
 
 	/**
 	 * Initiate a password reset challenge for the given user
@@ -26,7 +38,24 @@ public interface UserChallengeHandler {
 	 * @param user
 	 *            the user for which to initiate the challenge for
 	 */
-	public void initiateChallengeFor(Usage usage, User user);
+	public void initiateChallengeFor(Usage usage, User user) {
+
+		String challenge = generateChallenge();
+		UserChallenge userChallenge = new UserChallenge(usage, user, challenge);
+		this.challenges.put(user, userChallenge);
+
+		sendChallengeToUser(user, challenge);
+	}
+
+	/**
+	 * Generates and returns a new challenge
+	 * 
+	 * @return a new challenge
+	 */
+	protected String generateChallenge() {
+		String challenge = CodeGenerator.alphaNumericUpper(12);
+		return challenge;
+	}
 
 	/**
 	 * Validate the response of a challenge for the given username
@@ -41,6 +70,26 @@ public interface UserChallengeHandler {
 	 * 
 	 * @return the challenge
 	 */
-	public UserChallenge validateResponse(User user, String challenge) throws PrivilegeException;
+	public UserChallenge validateResponse(User user, String challenge) throws PrivilegeException {
 
+		UserChallenge userChallenge = this.challenges.remove(user);
+		if (userChallenge == null)
+			throw new PrivilegeException("No challenge exists for user " + user.getUsername());
+		if (!userChallenge.getUser().equals(user))
+			throw new PrivilegeException("UserChallenge invalid: Wrong user!");
+
+		if (!userChallenge.getChallenge().equals(challenge))
+			throw new PrivilegeException("Challenge is invalid!");
+
+		userChallenge.fulfilled();
+		return userChallenge;
+	}
+
+	/**
+	 * Sends the challenge to the user
+	 * 
+	 * @param user
+	 * @param challenge
+	 */
+	public abstract void sendChallengeToUser(User user, String challenge);
 }