PasswordRecovery and clear password sent to users

  • Ghistos

    PasswordRecovery and clear password sent to users

    Hi,

    I collect hashed passwords in my DB. I give the user the opportunity to
    reset his password with the PasswordRecovery control. But when he receives
    it, it is a series of strange characters like this: ")(i5oA8&YPZB>Y "

    How can I modify my web.config to send a human-readable new password?

    Tks

  • Munna

    #2
    Re: PasswordRecovery and clear password sent to users

    Hi,

    As you know, the ASP.NET 2.0 password recovery control asks for the
    username first; then, if the user name exists in the membership database,
    the user receives a clean password. If you are using hashed passwords in
    your membership database, retrieving an old password is impossible since
    passwords are one-way hashed. However, if you make the following changes
    in the web.config file:

    passwordFormat="Hashed"
    enablePasswordReset="true"
    enablePasswordRetrieval="false"

    reference :




    best of luck

    Munna
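
The three settings in the post above are attributes of the membership provider's `<add>` element in web.config. The fragment below is an added example, not part of the original thread; the provider name, connection string name and applicationName are placeholder assumptions.

```xml
<!-- Added example: constructed web.config fragment.
     "AppSqlProvider", "AppDb" and applicationName="/" are placeholders. -->
<configuration>
  <system.web>
    <membership defaultProvider="AppSqlProvider">
      <providers>
        <clear />

        <!-- Retrievable setup (weaker), shown commented out for comparison:
             the stored password can be recovered and mailed back unchanged,
             so anyone who obtains the database and key obtains every password.
        <add name="AppSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb"
             applicationName="/"
             passwordFormat="Encrypted"
             enablePasswordRetrieval="true"
             enablePasswordReset="true" />
        -->

        <!-- Hashed setup from the thread: the original password cannot be
             recovered, so PasswordRecovery resets it and mails a generated
             replacement. Hashed storage cannot be combined with
             enablePasswordRetrieval="true". -->
        <add name="AppSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```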


    • Ghistos

      #3
      RE: PasswordRecovery and clear password sent to users

      Hi Munna. I checked your link to code project and this is what the guy said:

      you can use standard password recovery control with hashed passwords.
      However, in this case when a user wants to recover the password, first the
      old password will be reset, then a random password will be generated and sent
      to user’s e-mail account. It will be a totally meaningless, hard to remember
      password so users will have to go to their account page to change their new
      password.

      This is exactly my problem!!! My users seem not very comfortable with a
      meaningless, hard-to-remember password. So, there is no solution except to
      create a new control!!!




      • Jeff Dillon

        #4
        Re: PasswordRecovery and clear password sent to users

        "Ghistos" <Ghistos@discussions.microsoft.com> wrote in message
        news:7A32757B-9492-4101-8FE9-15AA2B8F3C6C@microsoft.com...
        > Hi Munna. I checked your link to code project and this is what the guy
        > said:
        >
        > you can use standard password recovery control with hashed passwords.
        > However, in this case when a user wants to recover the password, first
        > the old password will be reset, then a random password will be generated
        > and sent to user's e-mail account. It will be a totally meaningless,
        > hard to remember password so users will have to go to their account page
        > to change their new password.
        >
        > This is exactly my problem!!! My users seem not very comfortable with a
        > meaningless, hard-to-remember password. So, there is no solution except
        > to create a new control!!!

        The point is to encourage the users to change their password. Of course they
        should not be comfortable with hard to remember passwords.



        • JackPot

          #5
          Re: PasswordRecovery and clear password sent to users

          But on the other hand, yes, we should be telling the person to use the newly
          generated strong password to login and then change that password --but-- if
          they are using an application like a Password Minder they will be using a
          strong password that password manager generated or they will just edit their
          password in the password manager to use the newly generated strong password
          sent to them. Either way, once the strong password has been returned to them
          it is a waste of time to keep worrying about them.

          "Jeff Dillon" <jeffdillon@hotmailremove.com> wrote in message
          news:e3qFwEb8IHA.3656@TK2MSFTNGP04.phx.gbl...
          > "Ghistos" <Ghistos@discussions.microsoft.com> wrote in message
          > news:7A32757B-9492-4101-8FE9-15AA2B8F3C6C@microsoft.com...
          >> Hi Munna. I checked your link to code project and this is what the guy
          >> said:
          >>
          >> you can use standard password recovery control with hashed passwords.
          >> However, in this case when a user wants to recover the password, first
          >> the old password will be reset, then a random password will be
          >> generated and sent to user's e-mail account. It will be a totally
          >> meaningless, hard to remember password so users will have to go to
          >> their account page to change their new password.
          >>
          >> This is exactly my problem!!! My users seem not very comfortable with
          >> a meaningless, hard-to-remember password. So, there is no solution
          >> except to create a new control!!!
          >
          > The point is to encourage the users to change their password. Of course
          > they should not be comfortable with hard to remember passwords.
