Secure pwd reminder?
I want to be able to offer the users a safe way to be reminded of their passwords and usernames by their registered mail address.
The way I do it today is to split the info between several databases,
but there has to be a better and safer way to do it.
Does anyone have a better way?
What part of the transaction do you want to secure/change?
You said you keep the info on different servers, does this mean that you want to protect the data from being stolen in case you are hacked?
Or do you want to protect the actual content of the mail being sent out?
Or maybe the reminder process, in other words how you know that the person asking for the password is actually the one who owns it?
The info is not on different servers, it is in other databases on the same server. But yes, I want it secure from, i.e., hackers.
I would prefer if it could be stored in one database if it is possible to maintain security this way.
And about the reminder process, at another site I have I use the HAM radio call (it's a site for a HAM radio club) as identification and send a mail to that call's registered mail address.
On this new site there is no such "global" identifier. My first thought was to use the mail address and, if it is found in the database, the info would be sent there, but many of the members have several mail addresses and what if they have forgotten which one they used to register with?
The site is for traffic accident victims and many of the members have memory disorders after brain damage. So it has to be a way that is easy for them to remember.
If you have a better angle than the mail address I would be grateful.
The mail itself does not have to be encrypted. After receiving the mail and having logged in, the member can change the username and pwd if they want to.
July 12th, 2002, 02:19 AM
Well, if you store the data on the same webserver as your website, your data will be compromised if someone hacks your webserver. So, the most secure way I can think of is that you store the actual database on a different server... preferably on another "leg" of your firewall, and set your firewall to only allow the actual database connections. However, this requires two computers and possibly another firewall and might be too expensive for you... A cheaper way would be to store the data on another server but without a firewall... And the cheapest (and least secure) way is the one you have got, in other words to store the info on the same computer as the website.

If you are programming yourself, you would also benefit from having a hard and critical look at the code and asking yourself "Do I really need to put the SQL password in this code? Should I keep the code in a separate document outside my website structure? Maybe I should even encrypt the file with the password..." and so on.
As for a reminder, I can't see any better way than to mail it to the already registered mail address (or maybe all registered mail accounts the user has, to get around the problem with several mail addresses).
Reminders are always a pickle and not that good security-wise, but people are people and will always forget passwords, so security and usability have to be weighed against each other in these cases.
Think of the worst case scenario, and then try to match your security measures to that. If it is critical that the info doesn't get out, maybe you should skip the reminder function and instead force users to re-register. If it isn't, leave the function in.
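The reminder flow the replies sketch, written out as an added example (this is not code from the thread or from the site being discussed): the member types any address they own, the account is looked up by that address, and the reminder goes to every address registered on that account, which covers the member who has forgotten which address they registered with. Two points depart from what the posts describe and are assumptions of this example: the mail carries the username plus a short-lived, single-use code for choosing a new password rather than the stored password itself, so the password never has to be kept in recoverable form (the thread already says the member changes it after logging in), and the database is an in-memory SQLite table with a recording mail sender so the block runs offline. The class name ReminderService, the 30-minute validity and the sample member and addresses are invented for the example.

```python
"""Password/username reminder: look up the account by any registered address,
mail every address on it. Added example with constructed sample data."""
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 30 * 60  # assumption: a reminder code is valid for 30 minutes

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt BLOB, pw_hash BLOB);
CREATE TABLE emails (address TEXT PRIMARY KEY, user_id INTEGER REFERENCES users(id));
CREATE TABLE reset_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER,
                           expires INTEGER, used INTEGER DEFAULT 0);
"""


def _sha256(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Password is stored as a salted PBKDF2 hash, never in recoverable form.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class ReminderService:
    def __init__(self, conn, send_mail, now=time.time):
        self.conn, self.send_mail, self.now = conn, send_mail, now  # send_mail(to, subject, body)

    def register(self, username, password, addresses):
        salt = secrets.token_bytes(16)
        cur = self.conn.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                                (username, salt, _pbkdf2(password, salt)))
        for addr in addresses:  # a member may register several addresses
            self.conn.execute("INSERT INTO emails VALUES (?, ?)", (addr.strip().lower(), cur.lastrowid))

    def request_reminder(self, supplied_address):
        """Find the account owning the supplied address and mail every address on it.
        Returns nothing either way so the caller cannot tell whether the address exists."""
        row = self.conn.execute(
            "SELECT u.id, u.username FROM users u JOIN emails e ON e.user_id = u.id "
            "WHERE e.address = ?", (supplied_address.strip().lower(),)).fetchone()
        if row is None:
            return
        user_id, username = row
        token = secrets.token_urlsafe(32)
        # Only the hash of the code is stored: a stolen database does not yield live codes.
        self.conn.execute("INSERT INTO reset_tokens (token_hash, user_id, expires) VALUES (?, ?, ?)",
                          (_sha256(token), user_id, int(self.now()) + TOKEN_TTL_SECONDS))
        for (addr,) in self.conn.execute("SELECT address FROM emails WHERE user_id = ?", (user_id,)):
            self.send_mail(addr, "Login reminder",
                           f"Your username is {username}. To choose a new password within "
                           f"{TOKEN_TTL_SECONDS // 60} minutes, use this code: {token}")

    def redeem(self, token, new_password):
        """Set a new password if the code is known, unexpired and unused. Returns True on success."""
        h = _sha256(token)
        row = self.conn.execute("SELECT user_id, expires, used FROM reset_tokens "
                                "WHERE token_hash = ?", (h,)).fetchone()
        if row is None or row[2] or row[1] < int(self.now()):
            return False
        salt = secrets.token_bytes(16)
        self.conn.execute("UPDATE users SET salt = ?, pw_hash = ? WHERE id = ?",
                          (salt, _pbkdf2(new_password, salt), row[0]))
        self.conn.execute("UPDATE reset_tokens SET used = 1 WHERE token_hash = ?", (h,))
        return True

    def check_login(self, username, password):
        row = self.conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                                (username,)).fetchone()
        return row is not None and hmac.compare_digest(_pbkdf2(password, row[0]), row[1])


def demo():
    """Run the flow on constructed data and return the observable results."""
    outbox = []                      # stands in for the mail server
    clock = [1_000_000]              # controllable clock so expiry can be shown without waiting
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    svc = ReminderService(conn, lambda to, subj, body: outbox.append((to, body)), now=lambda: clock[0])
    svc.register("kalle", "old-secret", ["kalle@example.org", "k.svensson@example.net"])

    svc.request_reminder("unknown@example.org")
    sent_for_unknown = len(outbox)
    svc.request_reminder("K.Svensson@example.net")   # secondary address, different case
    recipients = sorted(to for to, _ in outbox)
    token = outbox[0][1].rsplit(": ", 1)[1]
    first = svc.redeem(token, "new-secret")
    second = svc.redeem(token, "another")            # same code a second time
    clock[0] += TOKEN_TTL_SECONDS + 1
    svc.request_reminder("kalle@example.org")
    stale = outbox[-1][1].rsplit(": ", 1)[1]
    clock[0] += TOKEN_TTL_SECONDS + 1                # let the new code expire
    return {"sent_for_unknown": sent_for_unknown, "recipients": recipients,
            "first_redeem": first, "second_redeem": second,
            "expired_redeem": svc.redeem(stale, "x"),
            "old_password_works": svc.check_login("kalle", "old-secret"),
            "new_password_works": svc.check_login("kalle", "new-secret")}


if __name__ == "__main__":
    print(demo())
```

request_reminder returns nothing in both the found and not-found case so the web page can show the same message either way; the mail itself needs no encryption, as the thread notes, because the code is short-lived and single-use, and what is left in reset_tokens after a database theft is only a hash of it.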