|
I was wondering what would be the safer option when users have forgotten their password
Send a randomly generated new password to the email address (all email addresses in my database are confirmed to work). Or
Send an email with a link that expires within...
Started by Marijn Huizendveld, 15 posts by 15 people.
Answer Snippets (Read the full thread at stackoverflow):
If you send an email containing the password, it means :
The password will go through some networks in an email....
Also, once the password is changed, send an email to close the loop.
Anyone can read it who wants to.
|
|
A group in my company is implementing a single-sign-on REST API for our applications. This authentication service has a password reset function. The application sends the username to the reset function. If that username is associated with an email address...
Started by gnavi, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
If you use password resetIn both cases, the private information (temporary password or reset link) is transmitted over as a few advantages: You force ....
By constantly hitting the reset link and putting in that user's email address.
|
|
So, I've been playing with asp:PasswordRecovery and discovered I really don't like it, for several reasons:
1) Alice's password can be reset even without having access to Alice's email. A security question for password resets mitigates this, but does ...
Started by Brian, 3 posts by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
If the email is intercepted I am totally against....
A plain-text password through email? Either way, somebody with access to the email address can gain address of their current machine, if they match then reset the password.
|
|
When a site emails your old password, as opposed to requiring you to reset it on the site, I'm wondering what that implies about their security measures.
Does this mean that they store the password in plain text for their own convenience or could they...
Started by S. Michaels, 5 posts by 5 people.
Answer Snippets (Read the full thread at superuser):
Encrypting the password....
This means they can check the password you enter now matches the one you it is.
They might be using encryption when the password is stored in the DB but they shouldn't be storing of the password (plus a salt ).
|
|
I want a registration form with only email + password. I am thinking of automatically inserting the email in the username field. So, for each user, I will have this:
username: example@example.com
password: mypassword
email: example@example.com
Of course email + ...
Started by xRobot, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
Also, there's ....
, obviously).
Probably no @ or.
I would change the caption of 'username' to 'email', though.
It makes it easier for the user to remember which email they registered with.
In that case, yes, that's a very good solution.
|
|
How to figure out my cousin's fb password if I have her email and her email password? Without having to reset her Facebook password
Started by Loveshay, 5 posts by 5 people.
Answer Snippets (Read the full thread at yahoo):
Notice - logging onto someone's personal page is in breach .
But you could search the email to see if you can find a previous email update from facebook with the password enclosed.
Impossible.
|
|
Hello guys,
Today there was a big problem I got while programming on my newest project. I have to save the users' email passwords in my system (PHP + MySQL).
I do it now this way:
Is this secure? And if not, what is a better way to do it?
greetz from...
Started by Dominik K., 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
This....
I'd recommend to use hmac with a random, long generated salt the hashed salted password.
Note that the password is unrecoverable, so your app should cater for this by having a 'reset password' function.
Storing it as such).
|
|
I'm setting up Cygwin, and one of the packages I'm using is 'email' for, what else, sending e-mail from a script.
I've "improved" one of my concerns about email's configuration, by copying /etc/email/email.conf to a directory within my home directory,...
Started by JMD, 3 posts by 3 people.
Answer Snippets (Read the full thread at superuser):
You can use script to call your email program with the password sent as an argument, then it should be relatively easy to have a script query you for a password then send that to the email command. There are a couple ....
Crypt.
|
|
I'm an old school type of internet user, who likes to have his email / forums / everything data separated ... and so please excuse me if this sounds overly paranoid or anything to you. Just curiosity speaking.
I was recently, by a better half, forced ...
Started by Thomas Geritzma, 6 posts by 6 people.
Answer Snippets (Read the full thread at superuser):
Maybe I'm just too just via stored email address of the account + Facebook password!)
Personally, I wouldn't give them my email account....
I would've thought it would be a one-time operation.
To store your email password.
|
|
I like the idea of OpenID, I really do. But few of my target users have even heard of it - yet. If I want to offer OpenID as an option, my only choice would seem to come down to offering BOTH email/password authentication AND OpenID.
I've seen several...
Started by Rich Apodaca, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
I think the way Uservoice combines username+password with OpenID" alongside your "or, create a new....
By entered email as well, this is a trick facebook uses to send out facebook invitations to other people LiveID and Sign in Using OpenID.
|