The Official Forum - View Single Post

Camron Rust · #7 (**permalink**) Fri Jan 09, 2015, 02:31pm

The fact that they can send you your password in an email when you change it doesn't necessarily mean they store it in plain text. They could insert it into the email prior to transforming it and storing it.

The fact that they can send you your password by email at a later time also doesn't mean they're storing it in plain text. Data can be encrypted and stored and then decrypted when needed. They very well may be storing the passwords in an encrypted form that is not directly useful to a hacker or malicious employee. But, they are using a 2-way encryption method that allows the data to be decrypted. There will be a "key" that is used to encrypt and decrypt the data. If someone gets the data and the key, then they have the passwords.

The right way to handle passwords (and the way I handle passwords) is to use a 1-way hash on the password before storage. This method is not new and is used by a lot of websites.

When passwords are stored that way, it is impossible to ever determine what the person's password is. I have direct access to the database and the programming of reftown.com and even I can't tell what the actual password is for any of my users.

When a someone sets a password, it is passed through a 1-way encryption and then stored. When they log in, the attempted password is also passed through the 1-way encryption. If the two encrypted values match (the one from the database and the one from the attempted password), the user is allowed in.

This implies that the only way to get someone's password from such a system is to either intercept it before it gets to the server (using https solves that) or guessing at the password and seeing if it creates a match after encrypting. Using long and complicated passwords essentially makes that impossible.

What that also implies is that you have to reset your password if you ever forget it. There are a few ways to do that. You can use temporary passwords that require a change on the first use. Or, you can use 1-time use password reset links that give the user a password and allow them to change it.

Any website that can send you your password is not storing your password as securely as is possible. If it is recoverable, then a hacker can potentially download the entire user list and see everyone's password. If you use the same password at other sites, then every account you use it at is potentially compromised.