Loek

Reputation: 4135

Sending one-time password over mail

Maybe this is a better question for the Security SE, but I figure this wouldn't be a bad place to ask it either.

I'm developing a Web App to hold online elections inside companies. Electors can log in on the app, vote on their favorite candidate and then exit the app.

Electors all get assigned a fairly unpredictable username with at least 4 random integers (by php's random_int()) and a completely unpredictable password (by php's random_bytes()).

The client wants to send the username and password of every elector (sometimes up to 5,000 different people) over email. I'm not a huge fan, but it's that or no job for me. The email is sent over SSL, so at least that's something.

I was thinking that since the electors only have to vote one time, I could deactivate their accounts immediately after their vote was cast. Logging in again with the same credentials wouldn't work then. Also, I could change their password every 24 hours and send the electors that hadn't voted yet a new email with the updated credentials. An election usually lasts 3-5 days, so those updated emails would automatically act as a reminder to cast a vote. When the election closes, all associated accounts would be deactivated too.

Is this secure enough? I've read lots of articles that push you to use one time URIs with tokens, but the created accounts in my app could only be logged in once after which they are deactivated. In my mind, one time URIs with forms for the user to create a new pass are a hassle for the user since he would only log in once and then forever forget about the account.

NOTE: all generated passwords pass bcrypt() before they are stored in the database. The email is sent just after the password is generated and that would be in fact the only time the password is viewable in plain text (though over SSL, for what that's worth).

Upvotes: 0

Views: 747

Answers (1)

martinstoeckli

Reputation: 24131

From your description I get that you don't need a user account at all, otherwise you wouldn't think about deleting the account immediately. And the election seems to be anonymous, so there is no reason to link the election to a user, is that correct?

If the above is correct, you could simply store the e-mail address together with a random token. The token can be sent as part of a URL to the user. When the user clicks the link, you can check if this token exists, and after completing the election you can delete the e-mail/token. This would not require a user name nor a password.

The token must be strong enough (at least 20 characters a-z A-Z 0-9) and only its hash should be stored in the database, though if the token is strong enough, you can use a fast hash like SHA-256 without salting, so you can search for it in the database.

Upvotes: 2
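The token flow described in the answer (random token in a link, only its SHA-256 stored, row deleted once the vote is cast), as an added PHP example that is not part of the question or the answer. The in-memory array standing in for the database table, the hostname, and the function names are assumptions made for the example.

```php
<?php
// Added example (not the question's or the answer's code): one-time voting
// links built from a random token, with only the SHA-256 of the token stored.
// The "database" is a plain array here; a real app would use a table such as
// (email, token_hash) with a unique index on token_hash (assumed schema).

declare(strict_types=1);

const TOKEN_BYTES = 32;                               // 256 bits of entropy, above the 20-char floor
const BASE_URL = 'https://vote.example.test/ballot';  // assumed hostname for the example

/** Generate a URL-safe token from CSPRNG bytes (base64url: no +, / or = in the link). */
function generateToken(): string
{
    return rtrim(strtr(base64_encode(random_bytes(TOKEN_BYTES)), '+/', '-_'), '=');
}

/**
 * The token carries enough entropy that an unsalted fast hash is acceptable as the
 * lookup key; a leaked table of hashes cannot be reversed into usable links.
 */
function hashToken(string $token): string
{
    return hash('sha256', $token);
}

/** Create one pending row per elector; return email => link to mail out. */
function issueTokens(array &$db, array $emails): array
{
    $links = [];
    foreach ($emails as $email) {
        $token = generateToken();
        $db[hashToken($token)] = $email;          // store hash only
        $links[$email] = BASE_URL . '?t=' . $token; // the only place the plaintext token exists
    }
    return $links;
}

/**
 * Redeem a token taken from the URL. Returns the elector's email on success,
 * null for an unknown or already-used link. The row is removed immediately,
 * so a second click on the same link is rejected (one vote per link).
 */
function redeemToken(array &$db, string $token): ?string
{
    $hash = hashToken($token);
    if (!isset($db[$hash])) {
        return null;
    }
    $email = $db[$hash];
    unset($db[$hash]);   // delete e-mail/token as soon as it is consumed
    return $email;
}

// Constructed demo data
$db = [];
$links = issueTokens($db, ['alice@example.test', 'bob@example.test']);

// Simulate Alice clicking her link: extract the token the way the endpoint would via $_GET['t']
$aliceToken = substr($links['alice@example.test'], strlen(BASE_URL . '?t='));

var_dump(redeemToken($db, $aliceToken) === 'alice@example.test'); // bool(true)
var_dump(redeemToken($db, $aliceToken));                          // NULL: link already spent
var_dump(redeemToken($db, 'not-a-token'));                        // NULL: unknown token
var_dump(count($db));                                             // int(1): Bob's row remains
```

Because the lookup is by exact hash, the database index does the search and no per-row bcrypt verification is needed; the strength comes from the 256-bit token, not from the hash. Deleting the row at redemption (rather than on vote completion) is the simplest way to guarantee a link cannot be replayed; if the app must survive the user abandoning the ballot after clicking, it would instead mark the row as in-progress and delete it when the vote is recorded.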
