11-20-2007, 12:46 AM
The Wanderer
Join Date: Nov 2007
Location: according to my wife: on the Net
Posts: 19
Thanks: 0
Single way password storage
I've had many discussions about the way user passwords should be kept inside the database, and I want to see what you think about this topic.
Many people use the same username and password combo on all sites they need to authenticate themselves to. This means that if your database gets hacked, clear-text passwords stored in the database can now be abused to log in to financial service providers like Google or PayPal.
I believe that it's better to generate a one-way encrypted password by using MD5 or another encryption mechanism. If your customer forgets that password, you can generate one on the fly and send it to his registered e-mail address.
A little bit more security and a little less user experience will even the balance.
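Added example, not part of the original post: a sketch of the store-one-way, reset-on-forget scheme described above. It swaps the MD5 mentioned in the post for salted PBKDF2-HMAC-SHA256 from Python's standard library, because a single unsalted fast hash is cheap to brute-force once the table leaks. The `USERS` dict, the function names, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
USERS = {}            # hypothetical stand-in for the users table: name -> record


def hash_password(password):
    """Return a storable 'iterations$salt_hex$digest_hex' string."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(username, password):
    USERS[username] = hash_password(password)


def login(username, password):
    stored = USERS.get(username)
    return stored is not None and verify_password(password, stored)


def reset_password(username):
    """The old password cannot be recovered, so replace it with a random one.

    Returns the new password; the caller would e-mail it to the registered address.
    """
    if username not in USERS:
        raise KeyError(username)
    new_password = secrets.token_urlsafe(12)
    USERS[username] = hash_password(new_password)
    return new_password


if __name__ == "__main__":
    register("alice", "correct horse")        # constructed sample account
    print(login("alice", "correct horse"))    # True
    print(USERS["alice"])                     # only salt and digest are stored
    print(login("alice", reset_password("alice")))  # True, old password is dead
```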