Reputation: 2030
Many times I have seen it advised not to send a user his password directly through mail when he, for example, registers for your website, but instead to send him an email with a URL that contains a unique, random hash, which leads to a page on your website where he can set his own password. I'm just wondering: how is this more secure than sending a password? If either of these emails gets intercepted and read by a malicious third party, that third party would be able to access the user's account, right?
The only thing I can think of (while typing this, even) is that sending a hash will only enable one user to set the password, so if a malicious party uses it, and the user then tries to set his password, he will know that something is wrong, as he won't be able to anymore.
Am I correct in thinking that what I just mentioned is the only thing adding more security?
Upvotes: 2
Views: 427
Reputation: 522382
Yes, you have very much identified the core reason: even if a third party intercepts the email containing the password reset link, that link is only valid once (it should be!) and expires as soon as it's used once. Since a user is typically waiting for the email to arrive and will click the link immediately, there's very little chance for an attacker to do anything malicious with it; that attacker would need to be actively hunting and intercepting the target in realtime to have any chance for that to work.
Furthermore, a password sitting in an email will probably sit there indefinitely. It can be recovered years later through all sorts of active, passive and accidental disclosures of the email. A password in an email is only as safe as the email it's stored in, which is pretty much as safe as any random plaintext file sitting on your hard disk and/or some random internet server. Which is: not that terribly safe.
In general, a password is a secret that only a single individual should know: the user. The password should solely exist in the user's head, or possibly a well secured password manager. Even the server where the password is used doesn't want to store the password (only an irreversible hash of it), and most certainly no random 3rd party crappy email provider.
Upvotes: 3
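To make the answer's two properties concrete (the link is single-use and it expires), here is an added example, not code from the question or the answer above, of how a server can issue and redeem such tokens. It is a self-contained in-memory store with a hypothetical `ResetTokenStore` class; a real deployment would keep the same data in a database. It assumes a 15-minute lifetime, stores only a SHA-256 digest of the token (so a leaked copy of the store cannot be replayed), and retires the token on first use whether or not that use succeeds.

```python
import hashlib
import secrets
import time

# Constructed example value: reset links expire 15 minutes after being issued.
TOKEN_TTL_SECONDS = 15 * 60


class ResetTokenStore:
    """In-memory store of single-use, expiring password reset tokens.

    Hypothetical helper written for this example; the same logic would normally
    live in a database table of (token_hash, user_id, expires_at).
    """

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable so tests can control time
        # token digest -> (user_id, expires_at). Only the digest is stored.
        self._pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id):
        """Create a fresh token for user_id and return it (this is what goes in the email)."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        # One outstanding link per user: requesting a new reset invalidates the old link.
        self._pending = {
            digest: entry for digest, entry in self._pending.items() if entry[0] != user_id
        }
        self._pending[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def consume(self, token):
        """Redeem a token exactly once. Returns the user_id, or None if unknown/used/expired."""
        # pop() removes the entry unconditionally, so a second presentation of the
        # same link fails even if the first one was valid.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return user_id


def build_reset_link(base_url, token):
    """Assemble the URL placed in the email (path and parameter name are assumptions)."""
    return f"{base_url}/reset-password?token={token}"


def demo():
    """Walk through issue -> use -> reuse and return the two outcomes."""
    store = ResetTokenStore()
    token = store.issue("alice")
    link = build_reset_link("https://example.test", token)
    first = store.consume(token)   # the legitimate click: succeeds
    second = store.consume(token)  # anyone replaying the intercepted link: fails
    return link, first, second


if __name__ == "__main__":
    print(demo())
```

Because `consume` removes the entry before checking expiry, an intercepted link that the user has already clicked is worthless, which is exactly the window the answer describes: the attacker would have to act before the legitimate user does. Persisting the token as a digest means that even someone who reads the server's token table cannot build a working link from it.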