By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,660 Members | 1,735 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,660 IT Pros & Developers. It's quick & easy.

PasswordRecovery and clear password sent to users

P: n/a
Hi,

I collect hashed password in my BD. I give the opportunity to the user to
reset his password with the PasswordRecovery control. But, when he receive it
, it is a series fo strange characters like that ")(i5oA8&YPZB>Y"

How can I modify my webConfig to send human readable new password.

Tks

Jul 29 '08 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Hi,

As you know Asp.Net 2.0 password recovery control asks username first;
then if the user name exists in membership database the user receives
a clean password. If you are using hashed passwords in your membership
database, retrieving an old password is impossible since passwords are
one-way hashed. However if you make the following changes in
web.config file;

Passwordformat=”hashed”
Passwordreset=”true”
Passwordretriaval=”false”

reference :

http://www.codeproject.com/KB/aspnet..._Recovery.aspx
best of luck

Munna
Jul 29 '08 #2

P: n/a
Hi Munna. I checked your link to code project and this is waht the guy said :

you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first the
old password will be reset, then a random password will be generated and sent
to user’s e-mail account. It will be a totally meaningless, hard to remember
password so users will have to go to their account page to change their new
password.

This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except to
create a new control!!!

Jul 29 '08 #3

P: n/a
"Ghistos" <Gh*****@discussions.microsoft.comwrote in message
news:7A**********************************@microsof t.com...
Hi Munna. I checked your link to code project and this is waht the guy
said :

you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first the
old password will be reset, then a random password will be generated and
sent
to user's e-mail account. It will be a totally meaningless, hard to
remember
password so users will have to go to their account page to change their
new
password.

This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except to
create a new control!!!
The point is to encourage the users to change their password. Of course they
should not be comfortable with hard to remember passwords.
Jul 29 '08 #4

P: n/a
But on the other hand, yes, we should be telling the person to use the newly
generated strong password to login and then change that password --but-- if
they are using an application like a Password Minder they will be using a
strong password that password manager generated or they will just edit their
password in the password manager to use the newly generated strong password
sent to them. Either way, once the strong password has been returned to them
it is a waste of time to keep worrying about them.

"Jeff Dillon" <je********@hotmailremove.comwrote in message
news:e3**************@TK2MSFTNGP04.phx.gbl...
"Ghistos" <Gh*****@discussions.microsoft.comwrote in message
news:7A**********************************@microsof t.com...
>Hi Munna. I checked your link to code project and this is waht the guy
said :

you can use standard password recovery control with hashed passwords.
However, in this case when a user wants to recover the password, first
the
old password will be reset, then a random password will be generated and
sent
to user's e-mail account. It will be a totally meaningless, hard to
remember
password so users will have to go to their account page to change their
new
password.

This is exactly my problem !!! My users seems not very cumfortable with
meaningless, hard to remember password. So, there is no solution except
to
create a new control!!!

The point is to encourage the users to change their password. Of course
they should not be comfortable with hard to remember passwords.
Jul 29 '08 #5

This discussion thread is closed

Replies have been disabled for this discussion.