Forgot password encrypted email system?


DDK

I really wish there were some examples explaining how to create a forgot
password email link system when you encrypt a password in a database and use
ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
just send a user their password by email. So I'm not sure the best way to
accomplish a forgot password module when the password is encrypted in the
database. I've tried to find info on this but have not found anything that
really talks about this. Any help, links, or book suggestions would be
greatly appreciated.

Thanks,
d.
 
The way I see most often is to generate a random password, change the user's
password to that random password and email it to them, then let them change
their password to whatever they want afterwards.
 
Unfortunately... if you store the passwords' hashes instead of the
passwords themselves, there's no way you can get them back. SHA1 is
designed to prevent you from doing that.

Usually either you mail them a new password to their alternate email
address, or you authenticate them using questions if the user doesn't
have any alternate email address. Hotmail does a good example of the
latter (questions like "how many folders do you have in your account?"
"what's your pet name" etc. etc.)

DDK wrote:

| I really wish there were some examples explaining how to create a forgot
| password email link system when you encrypt a password in a database and use
| ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
| just send a user their password by email. So I'm not sure the best way to
| accomplish a forgot password module when the password is encrypted in the
| database. I've tried to find info on this but have not found anything that
| really talks about this. Any help, links, or book suggestions would be
| greatly appreciated.
|
| Thanks,
| d.


--
Ray Hsieh (Djajadinata)
ray underscore usenet at yahoo dot com
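An added example, not code from anyone in this thread: one way to build the emailed reset link the question asks about while the password itself stays hashed. It assumes .NET 6 or later; `ResetTokenStore`, `Issue`, `Redeem`, the 30-minute lifetime and the `example.test` URL are hypothetical, and the dictionary stands in for a database table.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// In-memory stand-in for a reset-token table (hypothetical; use a real table in production).
public sealed class ResetTokenStore
{
    private sealed record Entry(byte[] TokenHash, DateTime ExpiresUtc);
    private readonly Dictionary<string, Entry> _byUser = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30); // assumed policy

    // The raw token goes only into the emailed link; storage keeps just its hash,
    // so a leaked table cannot be replayed as valid reset links.
    public string Issue(string userId, DateTime nowUtc)
    {
        byte[] raw = RandomNumberGenerator.GetBytes(32); // 256 bits from the CSPRNG
        _byUser[userId] = new Entry(SHA256.HashData(raw), nowUtc + Lifetime); // replaces any older token
        return Convert.ToHexString(raw);
    }

    // Valid once, before expiry, and compared in constant time.
    public bool Redeem(string userId, string tokenHex, DateTime nowUtc)
    {
        if (!_byUser.TryGetValue(userId, out var entry)) return false;
        if (nowUtc > entry.ExpiresUtc) { _byUser.Remove(userId); return false; }
        byte[] presented;
        try { presented = Convert.FromHexString(tokenHex); }
        catch (FormatException) { return false; }
        bool ok = CryptographicOperations.FixedTimeEquals(SHA256.HashData(presented), entry.TokenHash);
        if (ok) _byUser.Remove(userId); // single use: the link dies once it has worked
        return ok;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new ResetTokenStore();
        DateTime now = DateTime.UtcNow;
        string token = store.Issue("ddk", now); // constructed sample user id
        Console.WriteLine($"Link to email: https://example.test/reset?user=ddk&token={token}");
        Console.WriteLine($"Wrong token accepted:   {store.Redeem("ddk", new string('0', 64), now)}");
        Console.WriteLine($"First use accepted:     {store.Redeem("ddk", token, now.AddMinutes(5))}");
        Console.WriteLine($"Second use accepted:    {store.Redeem("ddk", token, now.AddMinutes(6))}");
        store.Issue("ddk", now);
        Console.WriteLine($"Unused token at 31 min: {store.Redeem("ddk", token, now.AddMinutes(31))}");
    }
}
```

When `Redeem` succeeds, the page behind the link lets the user choose a new password, which is then hashed and stored the same way as at registration.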
 