Password change: best practice

I am writing Baby First Web Application. My first task was to set up an authentication system, and I think that everything is in order. I am new to all of this, therefore:

When a user reports that he has forgotten his password, I e-mail him a temporary password in plain text. This may not be the safest way to handle the situation, but that is what I do now. I force him to change it the next time he logs in, and the technique I use is to set a "mandatory change" field in the database to "true" for users who were sent a temporary password by e-mail.

My question is: Is a single database column the best tactic in the circumstances, or is there something better I can do?

+4
3 answers

A separate column is quite reasonable.

Operating systems typically have a “Password Expiration Time” field that doubles as the “should change the next time you log in” flag by simply setting the time stamp to 0 (AKA January 1, 1970). Web sites usually do not have password expiration dates, in which case a simple logical flag is enough.

+3

I assume that you store passwords hashed and salted. If not, do it. If so, you can store metadata in the salt. For instance, the salt is [0-9a-z]{8}, but for temporary passwords it is ____[0-9a-z]{4}. (Before downvoting, people, read on!) The point is that a separate field can be edited separately from the hash field. Of course, this should never happen, but it could happen (unsuccessful requests, trendy system administrators, people who discovered phpmyadmin and believe that they understand the system, etc.). Saving the "state" of the password in the salt prevents such chaos: when checking the password, you can always see whether you verified it against a temporary password, and you can always determine which user needs to receive a prompt to "enter a new password."

+2

My practice has always been to overload e-mail verification (when you send an e-mail to the registrant to make sure that the registrant owns the address) so that it also functions as a password reset mechanism. I use certain user information (username, identifier, e-mail address and, importantly, the current password hash in the DB) to make a hash that is included in the URL e-mailed to the user, so that they can set a new password of their choice.

Thus, the "best practice" for user authentication is, 95% of the time, to use a library that someone else has written and tested extensively. Just search Google for what suits your infrastructure.

+1
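The last answer's idea of binding the reset link to the current password hash, as an added example that is not the poster's code: the token is an HMAC (keyed, rather than a bare hash) over the user id, e-mail, current password hash and an expiry, so it stops verifying as soon as the password changes or the deadline passes. The server key, the PBKDF2 scheme and the sample account are all assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; load it from a key store in practice.
SERVER_KEY = b"example-server-key-do-not-use-in-production"
TOKEN_TTL = 3600  # seconds a reset link stays valid


def hash_password(password: str, salt: bytes) -> str:
    """Salted PBKDF2-SHA256 hash (assumed scheme for this demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def _mac(user_id: int, email: str, password_hash: str, expires: int) -> str:
    # The current password hash is part of the MAC input, so a token is
    # invalidated automatically once the user sets a new password.
    msg = f"{user_id}|{email}|{password_hash}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def make_reset_token(user: dict, now: int) -> str:
    """Return 'expires.mac', the value to embed in the reset URL."""
    expires = now + TOKEN_TTL
    return f"{expires}.{_mac(user['id'], user['email'], user['password_hash'], expires)}"


def verify_reset_token(user: dict, token: str, now: int) -> bool:
    """True only if the token is well-formed, unexpired and matches the user's current state."""
    try:
        expires_str, mac = token.split(".", 1)
        expires = int(expires_str)
    except ValueError:
        return False
    if now > expires:
        return False
    expected = _mac(user["id"], user["email"], user["password_hash"], expires)
    return hmac.compare_digest(expected, mac)  # constant-time comparison


def set_password(user: dict, new_password: str) -> None:
    """Store a fresh salt and hash; any outstanding reset token stops verifying."""
    user["salt"] = secrets.token_bytes(16)
    user["password_hash"] = hash_password(new_password, user["salt"])


if __name__ == "__main__":
    u = {"id": 42, "email": "user@example.com", "salt": b"constructed-salt"}  # constructed account
    u["password_hash"] = hash_password("old-password", u["salt"])
    t = make_reset_token(u, 1_700_000_000)
    print(verify_reset_token(u, t, 1_700_000_000))  # True
    set_password(u, "new-password")
    print(verify_reset_token(u, t, 1_700_000_000))  # False: password hash changed
```

Because the token is derived from state the server already stores, no extra "reset token" column is needed, and a used link cannot be replayed after the password changes.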