Encrypting Passwords

Misty
Posted: 25 September 2004 at 4:39pm

I would like to get insights from people about something.  I know that it is very useful to encrypt passwords that are stored in a database especially if your database could be downloaded from your web site. However, I have a concern about forgotten passwords. I've heard that people cannot receive their passwords via email if they are encrypted. Is there any way to work around this? Another concern that I have is a person would have to reset his/her password if he or she forgot it. 

  

dj air
Posted: 25 September 2004 at 4:52pm

What you/people usually do when someone has forgotten their password is create a new one (random) and send it via email or something....

 

xeerex
Posted: 25 September 2004 at 5:01pm
Interestingly, you can yank passwords literally out of cyberspace since 99% of all emails are sent in plain text. It's very simple to do at the correct places although considering the amount of email flying around including spam, I suppose it isn't too practical. Go and download Ethereal or similar software and let it monitor your traffic. It's especially funny (scary??) when you run it on your LAN if you have one. You'll find out all sorts of nifty things...

I'd have to say I'm for the "email a new password/activation link" and require an immediate password change just for safety....but that's my 2 cents.
pmormr
Posted: 27 September 2004 at 10:25pm
You could do what MSN does... use a secret question or something like that.
Mart
Posted: 28 September 2004 at 2:55am
That's insecure IMHO; 90% of the people hacked on MSN will be hacked because someone guessed their secret question (not an official statistic).
padoxky
Posted: 30 March 2005 at 9:17am
I suggest you follow this link http://www.w100w.com; you will find what you are looking for.
If you still need it.
 
NgWebDesigns
Gullanian
Posted: 30 March 2005 at 1:12pm
Reset password is best I reckon. Gotta be careful of people resetting other people's passwords to be a nuisance however.
ub3rl337ch3ch
Posted: 04 April 2005 at 12:38am
All encrypts do have a decrypt. It's a matter of knowing what the cypher is.
 
What you could do is send a link via email which will take them to a password change page as though they had logged in normally (eg, set your password checker to "if 1=1" for that page, or something like that).
 
That or resetting their pass, and sending an autogen pass to them by email. Both have the problems with people plucking them out of cyberspace, but the top one would probably be slightly more secure, as someone interested in random mayhem is less likely to bother following a link and entering new pass and everything, than just using a pass... the difference is marginal however.
 
A better way than plain text would be to send them the password in a .txt file which you had changed the extension of (to something like .dud) and then instruct them to change the extension back to .txt. This is a lot less likely to be picked up by a password sniffer.
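
The emailed reset link discussed in this thread, sketched as an added example (not code from any poster or from Web Wiz Forums). It assumes passwords are stored as salted one-way hashes, and it leaves the old password untouched until the link is redeemed, which covers the nuisance-reset concern raised above; `ResetStore`, `TOKEN_TTL`, the PBKDF2 parameters and the in-memory tables are all assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumption: a reset link is valid for one hour

def _pw_record(password, salt=None):
    # Salted, slow, one-way hash: the stored record cannot be emailed back.
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ResetStore:
    """In-memory stand-in for the user and reset tables (constructed here)."""
    def __init__(self):
        self.passwords = {}  # user -> salt + PBKDF2 digest
        self.pending = {}    # SHA-256(token) -> (user, expiry time)

    def set_password(self, user, password):
        self.passwords[user] = _pw_record(password)

    def check_password(self, user, password):
        record = self.passwords.get(user)
        if record is None:
            return False
        return hmac.compare_digest(record, _pw_record(password, record[:16]))

    def request_reset(self, user, now=None):
        """Return the token to email. The current password keeps working,
        so requesting a reset for someone else's account changes nothing."""
        if user not in self.passwords:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a hash of the token is stored, like the password itself.
        key = hashlib.sha256(token.encode()).hexdigest()
        self.pending[key] = (user, now + TOKEN_TTL)
        return token

    def redeem(self, token, new_password, now=None):
        """Set a new password only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(key, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

The password-change page accepts a request only when `redeem` returns true for the token carried in the link, so the page never skips its own authentication check.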