Storing security questions and answers - hash or plain text

My passwords use SHA-512, but the secret question and answer are stored in plain text. The question is, do I need to hash the secret answers? If so, what data type should I use for them, will it still be char(128)? I assume the security question itself should be plain text, right?

+6
authentication database php
3 answers

Just get rid of secret questions, this is a meaningless measure:

  • they don't increase security, they actually reduce it, because it's pretty easy to find the answer, especially because, as you said, it's stupid who will use "what is your favorite pet?" as a "secret" question.
  • they can be frustrating because you can pronounce the answer a little differently (or in upper and lower case) when trying to recover your password.
  • If your password is hashed, you cannot return the password to the user, you will have to send him / her an email with a new password or link to change it, so why not just let the user enter his email address first?
  • This is just another additional field to fill in at registration. There are already too many ...
+5

You also do not need to hash. If the user wants to reset their password through a question / answer, you must send an email with a link for this. If the attacker managed to get the answers to the questions, they still will not help them if they do not also have access to the user's email, which means that all bets are largely off. You could hash the answers if you want, and they will be stored in the same way as passwords, since they will end up in the same format.

One question, however, are users asking their own question or choosing from a list? If from the list, why not just use the identifier for which the question was used, and have potential questions either in another table or hardcoded in the script?

+3

This is an old post, but I wanted to add some thoughts on nico's answer (I'm too new to add comments). Security questions are useful when users no longer have access to their email address (this happens often). You need another way to identify them, or they will never get back into their account.

You can reduce the risk of erroneous input by normalizing inputs (lowercase, upper / trailing spaces, etc.).

Back to the OP, if you are still using them, one of the reasons not to hash them is precisely nico's second point: if the answer is "St. Cloud" and a person enters "St Cloud", a poorly written system can deny the reset. But an administrator will see that the answer is clearly correct if the answers were not hashed. If the answers were hashed, there would be no way to know whether the user was even close.

+1
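The second and third answers together describe one workable design: store the question by id from a fixed list, normalize the free-text answer (case, surrounding whitespace, punctuation) so that variants like "St. Cloud" and "st cloud" compare equal, and then hash the normalized answer with the same API used for passwords. The following is an added example written for this page, not code from any of the posters; it uses PHP's standard `password_hash` / `password_verify` functions, and the question list, record layout and sample answer are constructed for illustration.

```php
<?php
// Added example (not from the original post): normalize a security answer,
// then store and verify it the same way a password would be handled.

// Canonicalize free-text answers so "St. Cloud", " st cloud " and "ST CLOUD"
// all compare equal. This addresses the "poorly written system denies the
// reset" problem without keeping the answer in plain text.
function normalizeAnswer(string $answer): string
{
    $s = mb_strtolower(trim($answer), 'UTF-8');
    $s = preg_replace('/[^\p{L}\p{N}\s]/u', '', $s); // drop punctuation such as "."
    $s = preg_replace('/\s+/u', ' ', $s);            // collapse runs of whitespace
    return trim($s);
}

// Store: hash the normalized answer with the same API used for passwords.
// The output length varies by algorithm, so a VARCHAR(255) column is the
// usual recommendation rather than a fixed char(128).
function hashAnswer(string $answer): string
{
    return password_hash(normalizeAnswer($answer), PASSWORD_DEFAULT);
}

// Verify: normalize the user's attempt the same way, then compare
// against the stored hash in constant time via password_verify.
function verifyAnswer(string $attempt, string $storedHash): bool
{
    return password_verify(normalizeAnswer($attempt), $storedHash);
}

// Questions come from a fixed list and are stored by id, not by text
// (the second answer's suggestion). Constructed sample list:
$questions = [
    1 => 'In what city were you born?',
    2 => 'What was the name of your first school?',
];

// Constructed sample: a user registers with question 1 and answer "St. Cloud".
$record = [
    'question_id' => 1,
    'answer_hash' => hashAnswer('St. Cloud'),
];

// Later, during a reset, the user types a slightly different spelling.
$ok = verifyAnswer('st cloud', $record['answer_hash']);
$notOk = verifyAnswer('Saint Cloud', $record['answer_hash']);

echo $questions[$record['question_id']], PHP_EOL;
echo 'st cloud    -> ', $ok ? 'match' : 'no match', PHP_EOL;
echo 'Saint Cloud -> ', $notOk ? 'match' : 'no match', PHP_EOL;
```

Normalization is deliberately applied on both the store and verify paths, so the hash is always computed over the same canonical form; if the normalization rules are ever changed, existing hashes have to be re-generated the next time the user supplies the answer, because there is no way to re-normalize a hash after the fact.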
