Implementing 'Forgot Password' feature

By Paladion

March 15, 2005

Which is the best method for implementing the Forgot Password feature?

  1. Displaying the old password after asking a reminder question
  2. Displaying a new password after the reminder question
  3. Sending a temporary password by mail
  4. Sending a temporary link to a 'Change Password' page by mail

The correct answer to the quiz is 4) Sending a temporary link to a 'Change Password' page by mail. The challenge of a good Forgot Password feature is to prevent an attacker from stealing the password by impersonation or sniffing. So the first two options are out of question. Both are similar since in both cases the password will be displayed in clear text. They make it possible for attackers to steal passwords either by sniffing the traffic or by shoulder surfing. Also the password would have to be stored as clear text in the database and can be recovered. Passwords should be stored encrypted in the database. If the password is stored as a one way hash in the database, then it can not be recovered and can only be reset to a new a value. Now, we can reset the password to a temporary value and send this temporary password to the user by mail. Again, the attackers may obtain it by sniffing or from the mail which may be lying in the user's mailbox for a long time.

So the most secure method of implementing this feature is to send a temporary link to a change password link by mail. The application can ask a reminder question and on getting the right answer, send a mail to the user with a link that is active only for a short time. This page will allow the user to reset the password. This way, the password can neither be sniffed or shoulder surfed. Since the link is active for only a short time, there is no risk even if the mail lies in the mailbox.

Tags: Quiz