Terry Windwalker

Reputation: 1892

How do I know if a user has used a similar string when changing the password?

I see that there's a security requirement in some audit systems that says "the user cannot change the password to a similar string". For example, simply changing 123456 to 123456! should not be allowed.

But if I am storing the password in the form of a hashed string in my database, it seems there's no way for me to know if the two strings are similar. Even a slight change can lead to a huge difference.

I wonder if there's a way for me to achieve this, other than storing the password somewhere else, so that the users' passwords can always be safe even if my server is hacked.

Upvotes: 0

Views: 17
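One common way to meet this requirement without storing anything beyond the salted hash, shown as an added example that is not part of the original post: the change-password form asks for the current password, so both plaintexts are in memory for that one request and can be compared there. The function names, the PBKDF2 parameters and the distance threshold of 4 are assumptions of this sketch, and it only compares against the current password, not older ones.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    # Only this salted, slow hash is ever stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str) -> dict:
    # Hypothetical stand-in for the user's database row.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def change_password(record: dict, current: str, new: str, min_distance: int = 4) -> str:
    """Return 'ok', 'bad-current' or 'too-similar'; updates record only on 'ok'."""
    # 1. Authenticate the request: the submitted current password must match the hash.
    supplied = hash_password(current, record["salt"])
    if not hmac.compare_digest(supplied, record["hash"]):
        return "bad-current"
    # 2. Both plaintexts are now known for this request only; compare them in memory.
    if edit_distance(current.lower(), new.lower()) < min_distance:
        return "too-similar"
    # 3. Store a fresh salt and hash; neither plaintext is persisted.
    salt = os.urandom(16)
    record.update(salt=salt, hash=hash_password(new, salt))
    return "ok"
```
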

Answers (0)
