Recovering Forgotten Password
I’m stumped. Is there any way to avoid resetting a user’s old password without storing passwords in plain-text format in the database? Usually passwords are stored as a one-way hash (e.g. MD5) in the database. WordPress, phpBB, ASP.NET - all seem to work this way only.
I’m afraid not. By definition, a password cannot be recovered if it’s never stored.
But I’m curious: what don’t you like about resetting passwords?
Ron, thanks for the link. Nice article.
What I don’t like about resetting passwords - someone else might reset my password.
Now, come to think of it, resetting the password is the lesser evil.
I would never like to store plain-text passwords anyway. Plus, there’s the point about insecure emails. Perhaps there is no better solution.
Thanks!
As for someone else resetting your password: typically, a password is not reset automatically. First, an email is sent to the email address on file for the user. That email contains a link which you’d have to click on in order to reset your password. So nobody else could reset your password–unless they also had access to your email, in which case you’d probably have bigger problems to worry about. =)
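
The emailed reset link described in the post above, sketched as an added example that is not part of the original thread. It keeps only a one-way hash of the link's token on the server, the same principle the thread applies to passwords. The function names, the in-memory `PENDING` store, the `example.test` URL, the one-hour expiry and the single-use rule are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumption: a reset link stays valid for one hour

# Stand-in for a database table: token hash -> (user, expiry timestamp).
# Only the hash is kept, so a leaked table does not yield usable links.
PENDING = {}


def digest(token):
    # A plain SHA-256 is enough here because the token is long and random,
    # unlike a human-chosen password.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_reset_link(user, now=None):
    """Create the link that is emailed to the address on file for `user`."""
    now = time.time() if now is None else now
    # A newer request invalidates any older outstanding link for this user.
    for stale in [h for h, (u, _) in PENDING.items() if u == user]:
        del PENDING[stale]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    PENDING[digest(token)] = (user, now + TOKEN_TTL_SECONDS)
    return "https://example.test/reset?token=" + token  # hypothetical URL


def redeem_token(token, now=None):
    """Return the user allowed to set a new password, or None."""
    now = time.time() if now is None else now
    try:
        candidate = digest(token)
    except UnicodeEncodeError:
        return None  # not a token this code could have issued
    for stored in list(PENDING):
        if hmac.compare_digest(stored, candidate):
            user, expires = PENDING.pop(stored)  # single use: gone after a click
            return user if now <= expires else None
    return None
```

The password itself is only changed after `redeem_token` returns a user, so requesting a reset for someone else's account does nothing unless the requester can also read that person's mailbox.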