By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,152 Members | 1,647 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,152 IT Pros & Developers. It's quick & easy.

Forgot password encrypted email system?

P: n/a
DDK
I really wish there were some examples explaining how to create a forgot
password email link system when you encrypt a password in a database and use
ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
just send a user their password by email. So I'm not sure the best way to
accomplish a forgot password module when the password is encrypted in the
database. I've tried to find info on this but have not found anything that
really talks about this. Any help, links, or book suggestions would be
greatly appreciated.

Thanks,
d.
Nov 15 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
The way I see most often is to generate a random password, change the users
password to that random password and email it to them, then let them change
their password to whatever they want afterwards.

"DDK" <dd*******@hotmail.com> wrote in message
news:eB**************@TK2MSFTNGP09.phx.gbl...
I really wish there were some examples explaining how to create a forgot
password email link system when you encrypt a password in a database and use ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
just send a user their password by email. So I'm not sure the best way to
accomplish a forgot password module when the password is encrypted in the
database. I've tried to find info on this but have not found anything that really talks about this. Any help, links, or book suggestions would be
greatly appreciated.

Thanks,
d.

Nov 15 '05 #2

P: n/a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unfortunately... if you store the passwords' hashes instead of the
passwords themselves, there's no way you can get them back. SHA1 is
designed to prevent you from doing that.

Usually either you mail them a new password to their alternate email
address, or you authenticate them using questions if the user doesn't
have any alternate email address. Hotmail does a good example of the
latter (questions like "how many folders do you have in your account?"
"what's your pet name" etc. etc.)

DDK wrote:

| I really wish there were some examples explaining how to create a forgot
| password email link system when you encrypt a password in a database
and use
| ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
| just send a user their password by email. So I'm not sure the best way to
| accomplish a forgot password module when the password is encrypted in the
| database. I've tried to find info on this but have not found anything
that
| really talks about this. Any help, links, or book suggestions would be
| greatly appreciated.
|
| Thanks,
| d.
|
|
- --
Ray Hsieh (Djajadinata)
ray underscore usenet at yahoo dot com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQE/nJaNwEwccQ4rWPgRAsWTAJ9RbdeXIOx353JP4CON3G14eSfPRw CdG69h
C795KdGFBAbXX7bxuRcn1sc=
=sb9E
-----END PGP SIGNATURE-----

Nov 15 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.