Reverberations

News, Views, Rants and Raves About Technology and More

Recovering Forgotten Password

with 3 comments

I’m stumped. Is there any way to avoid resetting user’s old password, without storing passwords in plain-text format in database. Usually passwords are stored as one-way hash (e.g. MD5) in the database. WordPress, phpBB, ASP.net – all seem to work this way only.

Written by Brajesh

June 22, 2006 at 11:31 am

Posted in Coding

3 Responses

Subscribe to comments with RSS.

  1. i’m afraid not. by definition, a password cannot be recovered if it’s never stored.

    but i’m curious: what don’t you like about resetting passwords?

    Ron Rothman

    July 26, 2006 at 8:32 pm

  2. Ron, thanks for the link. Nice article.

    What I don’t like about resetting passwords – someone else might reset my password.

    Now coming to think of it, resetting password is the lesser evil🙂 I would never like to store plain-text passwords anyway. plus, the point about insecure emails. Perhaps there is no better solution.

    Brajesh

    July 26, 2006 at 9:01 pm

  3. Ron, thanks for the link. Nice article.

    Thanks!🙂

    What I don’t like about resetting passwords – someone else might reset my password.

    As for someone else resetting your password: typically, a password is not reset automatically. first, an email is sent to the email address on file for the user. that email contains a link which you’d have to click on in order to reset your password. so nobody else could reset your password–unless they also had access to your email, in which case you’d probably have bigger problems to worry about. =)

    Ron Rothman

    September 25, 2006 at 7:34 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: