Emailing lost passwords


#1

This might be a stupid question and if so then humor me with smart
remark and the answer :slight_smile:

I want to have a feature on my site that allows me to email forgotten
passwords back to the user (like what Backpack does). Now I’m currently
encrypting the user’s password + salt before saving to the database
using code borrowed from the LoginGenerator.

The question I have is there any way to get the user’s password after if
it’s been SHA1’ed or do I have store the user’s password as plain text
in the database?

If I have to store is plain text, isn’t that a bit insecure? And if so
why does backpack (and I’m assuming others do it?)

If I want to have the password encrypted in the database is my only
option to change their password ot a new value?

Thanks!


#2

On Mon, Jan 09, 2006 at 02:12:21AM +0100, Gerry Shaw wrote:

in the database?

If I have to store is plain text, isn’t that a bit insecure? And if so
why does backpack (and I’m assuming others do it?)

If I want to have the password encrypted in the database is my only
option to change their password ot a new value?

Thanks!

Nope, you can’t un-SHA1 the password. The only way to send it back is
to store it plain text (or use encryption, which is fairly pointless).
It’s marginally less secure, if someone gets access to your database; at
which point they’ve got all the data anyway. It’s a tradeoff of
convenience for a slight decrease in security.

-Scott


#3

Thanks for the sanity check (and quick reply). Just checking to make
sure I wasn’t missing anything obvious.


#4

For security reasons I’ve always taken the approach of using an
algorithm to
generate a new strong password, change the user’s password, and then
email
that to the user. I think most users will appreciate the fact that
you’ve
created a new secure password for them. At least it gives them a
feeling
that their password is not out in the open.

Michael T.