FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Most secure way to reset a password via email link
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Most secure way to reset a password via email link [message #185158 is a reply to message #185156] Wed, 05 March 2014 14:56 Go to previous messageGo to previous message
Ben Bacarisse is currently offline  Ben Bacarisse
Messages: 82
Registered: November 2013
Karma:
Member
jvd_200089(at)yahoo(dot)co(dot)uk writes:

> When resetting a password:
> 1) Emailing a new password that the user then logs in with and resets
> is the most simple method for non hashed passwords.

This is reasonable provided the only thing that the user can do is log
in to a "change my password" page, and that makes it very similar in
complexity to the second option. It just makes it a tiny bit more fussy
for the user.

If the emailed password can be used as normal until the user changes it,
then this method is less secure than the second. An interloper will get
full access to the user's account until the users gets round to changing
the password -- often with no sign that anything is wrong.

> 2) The other way involves sending a link for them to click on that
> redirects them to the password reset page but unless their email is
> secure anyone could click that link. What is special about this 2nd
> way? because thats what how my boss wants it to work because there is
> not point doing it that way if it isn't more secure than sending them
> a temporary new password.

In this case, an interloper can do only one thing: reset the password to
something of his or her choosing. They will get access, but the user
will almost certainly know of the compromise very soon. Small comfort
perhaps, but enough that this is the preferred method for most sites.

In short, either you make 1 and 2 virtually the same (in which case 1 is
actually a bit *more* complex) or 2 is slightly safer than 1.

> Also any source code examples for option 2 would be appreciated.

I don't have anything I can show, but I would make one recommendation:
don't store passwords directly -- always hash them internally. That
way, an accidental or malicious release of the database (which just
seems to happen time and time again) won't reveal actual passwords.
Some effort (and you can make it significant effort) would be required
to recover the password from the hash. Also, users often re-use
passwords and you won't placate a user whose been told that their
favourite password is now out in the open by saying that they should not
have used it for more than one site -- no matter how true that is!

--
Ben.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: simple link won't show
Next Topic: Need help accessing the key array.
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 14:23:04 GMT 2024

Total time taken to generate the page: 0.04021 seconds