The purpose of security is to keep things encrypted, but doesn't that go right out the window when a site sends you a plain-text email with all your login details, password included?
If I forget my password or sign up for a new account, I would much rather get an email with a link to reset it than an email saying "Your userID is:" and "Your password is:".
Comments
Steven Garrity - August 24, 2003 11:58 am
This is always a pet peeve of mine too - never send me my password over a regular email. Either generate a new one for me and let me reset it, or send me a link that lets me retrieve it securely.
Stephen DesRoches - August 24, 2003 12:29 pm
Does this not also prove they are storing the passwords in the database as plain text?
Brad Pineau - August 24, 2003 1:34 pm
Yeah, if a website can retrieve your password for you, that means it's not secure! How do we know the webmasters aren't looking through the list of passwords? They could even be selling them. How many people use the same password on multiple sites? I mean, who knows what's going on behind the scenes...
Peter Rukavina - August 24, 2003 3:10 pm
Assuming the security of DNS (which is, I admit, a big assumption, but one that's generally reasonable), what emailing a password achieves is some degree of email address verification. If steven@silverorange.com registers at my website, and I email a password to that email address, I can have some degree of comfort, when steven@silverorange.com logs in with that password, that the email address is valid. In situations where registration is limited to personalization or customization, and no personal information is otherwise stored, this seems an entirely reasonable approach.
Steven - August 24, 2003 6:51 pm
I once had an admin from one site post as me on another site because I used the same password on both sites, and had badmouthed the first site on the second site's forum. It was a bit of an eye-opener...
Steven - August 24, 2003 6:54 pm
Originally posted by Stephen DesRoches:
"does this not also prove they are storing the passwords in the database as plain text?"
There's no reason why the password retrieval script couldn't decrypt the password before sending it in an email.
Jevon - August 24, 2003 11:18 pm
Passwords should only be stored in a digest (crypt) IMHO. There is no need for a site to be able to decrypt or re-send a password. There are always better options.
Steven Perry - August 25, 2003 2:27 pm
How would a site verify your login if it can't decrypt your password? Encrypt the given password and compare that value to the database value?
Isaac - August 25, 2003 3:22 pm
A common and great way to encrypt a password is to create an md5 hash of it (as easy as wrapping md5() around the string in PHP) and store that value in the database. Since it's a one-way encryption, you can easily generate the value again when the user is logging in, to compare against the database value.
If the user ever loses their password, just generate a new random password for them, then email that to them, telling them to change it the next time they log in. Yes, this is emailing a password in plain text to the user, but it's not nearly the problem of emailing them their original password, which may be something they use on everything.
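As an added example (not code from the post or any commenter), here is the one-way-digest scheme Isaac describes, written in Python rather than PHP: a salted PBKDF2 digest stands in for the bare md5() of the comment (an assumption of this example), login re-hashes what the user typed and compares digests, and recovery mints a new random password instead of trying to recover the old one. The in-memory USERS dict is a constructed stand-in for the site's database.

```python
import hashlib
import hmac
import os
import secrets

# Constructed stand-in for the site's user table: username -> salt, digest, flags.
USERS = {}

def hash_password(password, salt):
    # One-way digest: the site can recompute it from a typed password but
    # cannot turn the stored value back into the password.
    # PBKDF2-HMAC-SHA256 with a per-user salt is this example's choice, not the md5() of the comment.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def register(username, password):
    # Store only the salt and digest; the plaintext password is never written.
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "digest": hash_password(password, salt)}

def verify_login(username, password):
    rec = USERS.get(username)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal which names exist.
        hash_password(password, b"\x00" * 16)
        return False
    # Re-hash the submitted password and compare in constant time. Because the
    # comparison is against a fresh digest of the typed text, submitting the
    # stored digest itself as a "password" does not verify.
    return hmac.compare_digest(rec["digest"], hash_password(password, rec["salt"]))

def reset_password(username):
    # Isaac's recovery flow: the old password is unrecoverable, so generate a
    # new random one, store only its digest, and hand the plaintext back to be
    # emailed once. The caller should force a change at next login.
    if username not in USERS:
        return None
    temporary = secrets.token_urlsafe(12)
    register(username, temporary)
    USERS[username]["must_change"] = True
    return temporary
```

The reset returns the temporary password only so it can be sent to the user once; after that it exists nowhere but as a digest, which is the point of Jevon's "digest only" comment above.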
Miguel - October 7, 2003 8:09 pm
Traditional password request methods (on electronic forms) are becoming fragile because of technological advances. Think how a tiny VCR camera posted at the back of a public cyber house could steal lots of passwords from imprudent users.
There are some easy tricks that could greatly improve the security of passwords, but for these tricks to work properly, programmers and designers should change their way of thinking.
keywords: hackers, password stealing, finance, banks, money, programs, systems, security, cryptography, cracking passwords, spy, internet, electronic forms
link: http://www.meucat.com/passi.html
Serge - December 26, 2003 5:45 am
How does a website challenge and verify a user's password, even if it is the hash that is sent over? If someone sniffs the traffic, he will be able to get the hash of the password, which is as good as the real thing because that's all it needs for verification.