Advice on creating a "Forgotten Password?" function?

I need to add a "Forgotten Password" option to a sign in form which, as I understand, is best if you simply reset the password as opposed to sending it to the user by e-mail, which could be intercepted. Right?

1) Sign in page
2) Sign in fails - display link to Reset Password page
3) Ask user to enter email address to reset their password. Upon submission, the system writes a temporary password to database and e-mails it to the e-mail address.
4) User receives an e-mail with a link to a page that asks them to log in using the temporary password displayed in that e-mail.
5) Once logged in, they are forced to reset the password to something else - in case the reset password e-mail is intercepted.

Is that the best approach?

How do I generate a random password in Step 3 above?

Thank you.
NJ

It has nothing to do with intercepting email. When you encrypt your passwords in your database you can't send them to the user. That is why you would use a reset password rather than sending it.

Webassist has a binding for a random password you can use if that is the technique you want to use. Your technique seems valid.

I see that, in the SecurityAssist menu. I'll check that out.

"When you encrypt your passwords in your database...".... :(
Can you elaborate?

Database content is notoriously targeted by hackers and often breached. You have seen it happen to even large companies like Sony, Verizon, and Target in recent years.

One way to protect data is to store it with one-way encryption. We have several encryption options with Data Bridge that can be used. If a database stores information encrypted, then even if someone gets ahold of your database content they won't be able to make sense of the data in it.

I've never really understood encryption. In the case of a password, does that mean that what's stored in the database isn't the actual password itself? So when a user types their password into a password form field and submits it, a function converts that into the encrypted...what?....series of letter, numbers, characters etc and if it matches then they're in?

Can't the encryption be worked out, or is it a case of infinitesimal combinations that would take years to work out?

So should this just be applied to passwords or ALL user data in a database? Sounds like it should be the later.

I have Data Bride and Data Assist. How do I access these options?

Thank you.
NJ

In the case of passwords you can use hashed encryption. What gets stored in the database is a seemingly random string of numbers and letters. When your user logs in you encrypt the value they enter and compare it again and if the encrypted strings match they are let in.

The original hashed value is inaccessible, so it isn't appropriate for most fields. That is where two way salted encryption comes in. A salted encryption can be retrieved from an encrypted field if you have the original encryption string "salt" value used to encrypt it. Then the salt can be saved outside of the database in the php code. Then if someone gets your database they won't be able to decipher the data unless they also get a hold of your salt value. Since getting data from a database and getting data from php are both difficult for a hacker, getting both at once would be more difficult and therefor your data is protected.

The drawback to using a two-way encryption for data is that you can no longer do keyword or partial match searches. Any search would need to be exact match. So really you should only hash passwords and only encrypt fields that contain sensitive enough data that you are ok with the accompanying search restrictions.

In the webassist database I hash the password field and use two way encryption on the email address, phone number, last name, and street address fields. If someone were to get their hands on our database they would only know the first names, city, and state of our users which they couldn't do much with.

There are of course a lot of complications and considerations that you have to use once you start using encryption. For instance you would want to enforce a strict format for phone number if you encrypt it, otherwise it would be impossible to search. I convert all email entries to lower case, again to allow searching more easily. It adds quite a few layers of complexity.

Is this option within one of the WebAssist extensions? I'm struggling, as it is, setting up a registration page (just with a plain text password).

I see there is an "Email Encrypted Password" option in the SecurityAssist menu and "Encrypted Password Return"...is that the correct option?

I'm not clear how I set this up on my registration page.

Hope you can help. Thank you.
NJ

If you are using a plain text password then you can just send the password using Universal email. Just filter a recordset with the entered email address and then send the password returned from the recordset in the email body with a trigger so that it only sends if the recordset is not empty.

The easiest way to do all of this is using the Security Assist wizard as it will create the registration, login, and forgot password pages for you.

My advice is to plan exactly what you want to do and then think of the steps. There are many ways to do forgot password. The simplest is not encrypted password and send it. Encrypted you either use a reset password link with a key or set a temporary password and send it. Additional security measures could include answering a security question first. How you do it depends on what you want to do and whether you are able to use mySQL or need mySQLi.