Reputation: 125
For a website which stores passwords hashed with the PHP `password_hash` function, I was thinking of the following way to enable users to reset their passwords, but I did not know if it caused any security breach:
This seems to ensure that only someone with access to the account owner's email could change the password.
Upvotes: 0
Views: 64
Reputation: 893
Emailing the hashed password exposes this in plaintext over email. While a strong hashing function prevents brute-forcing, it is still susceptible to dictionary attacks and the like. So, if an attacker were to intercept the email they might be able to determine the password.
This is especially troublesome knowing that many users reuse passwords across different services. Also, such an email can remain in the user's mailbox for a long time. This means that the security risk could remain for years after the user successfully resets his/her password.
A much safer alternative is to use a one-time random token (which you will of course need to store somewhere in the database), ideally also limited in time: this ensures only the recipient of the email can reset the password while avoiding the risk mentioned above.
Upvotes: 2
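The token scheme this answer recommends, written out as an added example (not code from the question or the answer, and in Python rather than PHP so the logic is easy to follow). It assumes a 15-minute lifetime and uses an in-memory dict as a stand-in for the database table; only a hash of the token is stored, so a leaked table does not yield usable reset links.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link

# Constructed stand-in for the database table of pending reset requests:
# user_id -> {"token_hash": hex sha256 of the token, "expires_at": unix time}
reset_requests = {}


def issue_reset_token(user_id, now=None):
    """Create a fresh one-time token for user_id and return it.

    Only the SHA-256 of the token is kept server-side; the token itself is
    what goes into the e-mail link.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    reset_requests[user_id] = {
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires_at": now + TOKEN_TTL_SECONDS,
    }
    return token


def redeem_reset_token(user_id, token, now=None):
    """Return True if token is the unexpired, unused token for user_id.

    A matching token is consumed on first presentation (valid or expired),
    so the link in the e-mail cannot be replayed later.
    """
    now = time.time() if now is None else now
    record = reset_requests.get(user_id)
    if record is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    # constant-time comparison of the hashes
    if not hmac.compare_digest(presented, record["token_hash"]):
        return False
    del reset_requests[user_id]  # single use
    return now <= record["expires_at"]


if __name__ == "__main__":
    t = issue_reset_token("alice")
    print("link valid:", redeem_reset_token("alice", t))   # True
    print("replayed:", redeem_reset_token("alice", t))     # False
```

After `redeem_reset_token` returns True the application sets the new password with `password_hash` and should also invalidate existing sessions for that account.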