|
Posted by NC on 01/19/06 19:22
d wrote:
>
> I was saying that sending the current password to the
> user is easier for the user than sending them a new one.
Maybe (although I have a problem believeing that the user is going to
care, since they forgot what the password was anyway), but there are at
least two security flaws with this approach. First, if passwords are
recoverable, they can be stolen by hackers or misappropriated by the
site's operator or hosting service. Second, sending a permanent
password via e-mail is a permanent security hole; sending out a
temporary password with instructions to reset it as soon as possible
makes this hole temporary.
> The only reason one would send them a new password is
> because their password isn't readable on the server.
> That's done through security needs of the server, as opposed
> to desired functionality.
Not at all. Deterring theft of passwords by employees of site operator
or hosting company is in fact a desired functionality...
Cheers,
NC
[Back to original message]
|