Password recovery requires reversible password storage

From Safeval Wiki

A password recovery function that returns the user's existing password assumes that the password is stored in clear text or under reversible encryption in the database. In either case the password can be recovered by system administrators, which undermines user accountability for their actions: a user caught committing fraud can always claim that it was not him but one of the administrators who also knew his password. Besides the possibility of an attack by a system administrator using passwords recovered from the database, there is also the risk that a third party intercepts the recovered password in transit and breaks its confidentiality.

The password recovery function must always generate a temporary password or an activation token that the user uses to set a new password. The security level of the token or temporary password should be at least comparable to that of a password, and the user should be obliged to change the password at the next login. The token or temporary password should be randomly generated by the system and should have a limited validity period. The token is usually transmitted to the user by email.