[FX.php List] [Off] Using Clear Text Passwords/Registration Design

Joel Shapiro jsfmp at earthlink.net
Thu Feb 12 14:58:10 MST 2009


I agree with Tim on deciding with the client how secure they want/need  
their system to be.  I had one client specifically ask to have  
passwords sent in plain text in emails when a user forgets her/his  
password, as they felt that would be easiest for everybody and their  
site doesn't really need much security.

Another client recently wanted to use their company email addresses  
as user login names.  I designed the system to let the users set  
their own passwords, and then when they forget them, the client/admin  
clears out that user's password (via their admin PHP page) so that  
the user will need to create a new one on next login -- without  
anyone ever seeing what the password had been.  I did this in part  
because I realized that many users would probably use the same  
password in this site as they use for their email acct, and I didn't  
want the responsibility of the client/admin having access to their  
users' email passwords.

Best,
-Joel


On Feb 12, 2009, at 1:29 PM, Tim 'Webko' Booth wrote:

>
> On 13/02/2009, at 1:34 AM, Jonathan Schwartz wrote:
>
>> Hi Folks,
>>
>> Does anyone have advice or links to reference material on the  
>> design of well-designed registration/log-in systems, particularly  
>> involving the sending of passwords in cleartext?
>>
>> Here's the problem...some end users of a clients project complain  
>> about receiving their passwords via email in cleartext.  Googling  
>> the subject turns up an ongoing debate between security and  
>> convenience.
>
> It should be about reasonable security for the system involved.
>
> A system for banking should be like Leo described.
>
> A user support forum doesn't really need all of that.
>
> So, first define with the client how secure *they* think the system  
> should be. And then remember that half the people, given a chance,  
> will use Password and Secret for their logons anyway.
>>
>>
>> For reference, I am allowing the end user to specify the password,  
>> sending the password in cleartext in the confirmation email and  
>> also sending the password via email in cleartext in the 'retrieve  
>> password' routine.  There is personal information involved.
>
> How much, and of what? Names and roles in the company are pretty  
> much public knowledge, where their banking details would be a  
> different issue.
>>
>>
>> An additional question: Are we theoretically protecting from 1)  
>> eavesdropping on emails as they are being sent, 2) theft of  
>> recipient's emails/computer after being received, 3) theft/loss of  
>> the client's database...or all of the above?
>
> Most of this is about 'man-in-middle' eavesdropping on email/interwebs  
> traffic.
>
> Point 2 - there's very little that can be done by you about  
> physical security, and it's always the worst issue out of the lot  
> to deal with (there have been so many cases of highly confidential  
> info being on a lost laptop/USB/CD that I can't even begin...)
>
> If 1 or 2 occur, then whoever has it has the chance to log in as that  
> person, so there's your level of risk
>
> Cheers
>
> Webko
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
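The design Joel describes above (users pick their own passwords, an admin wipes a forgotten one, and nobody ever sees it) as an added PHP example. This is not code from the thread or from FX.php; the in-memory array standing in for the user table, the function names, and the one-time reset token (which the thread does not mention; Joel's version simply lets the user set a new password on the next login) are assumptions made for this illustration. It assumes PHP 7.0 or later for password_hash(), random_bytes() and hash_equals(). Because only a bcrypt hash is ever stored and no password is ever e-mailed, the three cases Jonathan asks about (sniffed mail, stolen mailbox, stolen database) all fail to reveal a password.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the user table (an assumption for this
// example; real code would go through FX.php / the database).
// login name => ['hash' => string|null, 'reset_hash' => string|null, 'reset_expires' => int]
function new_user_table(): array
{
    return [];
}

function register_user(array &$users, string $email, string $password): void
{
    // Store only a bcrypt hash. The plaintext is never written to the database
    // or to an e-mail, so neither a stolen DB nor a sniffed message reveals it.
    $users[$email] = [
        'hash' => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash' => null,
        'reset_expires' => 0,
    ];
}

// Returns 'ok', 'set_new_password' (account was cleared by an admin) or 'denied'.
function attempt_login(array &$users, string $email, string $password): string
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    if (!isset($users[$email])) {
        // Verify against a dummy hash so an unknown login name costs the same
        // time as a wrong password and does not reveal which addresses exist.
        password_verify($password, $dummy);
        return 'denied';
    }
    $u = $users[$email];
    if ($u['hash'] === null) {
        return 'set_new_password';
    }
    return password_verify($password, $u['hash']) ? 'ok' : 'denied';
}

// Admin-side "forgot password": wipe the hash so the old password is gone
// without anyone seeing it, and issue a one-time token the admin hands to the
// user out of band. Only the token's SHA-256 is stored, so a database copy
// cannot be used to take over the account. (Token step is an assumption.)
function admin_clear_password(array &$users, string $email, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(16));
    $users[$email]['hash'] = null;
    $users[$email]['reset_hash'] = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + $ttl;
    return $token;
}

// The user redeems the token and picks a new password; returns true on success.
function set_new_password(array &$users, string $email, string $token, string $password): bool
{
    if (!isset($users[$email]) || $users[$email]['reset_hash'] === null) {
        return false;
    }
    $u = $users[$email];
    if (time() > $u['reset_expires']
        || !hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    if (strlen($password) < 8) {
        return false;
    }
    // Token is single use: the row is rebuilt with the new hash and no reset state.
    $users[$email] = [
        'hash' => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash' => null,
        'reset_expires' => 0,
    ];
    return true;
}

function expect(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

// Walk-through with constructed data.
$users = new_user_table();
register_user($users, 'alice@example.com', 'correct horse battery staple');
expect(attempt_login($users, 'alice@example.com', 'correct horse battery staple') === 'ok', 'login');
expect(attempt_login($users, 'alice@example.com', 'wrong') === 'denied', 'wrong password');
expect(attempt_login($users, 'nobody@example.com', 'x') === 'denied', 'unknown user');

$token = admin_clear_password($users, 'alice@example.com');
expect(attempt_login($users, 'alice@example.com', 'correct horse battery staple') === 'set_new_password', 'cleared');
expect(set_new_password($users, 'alice@example.com', 'bogus-token', 'new password 123') === false, 'bad token');
expect(set_new_password($users, 'alice@example.com', $token, 'new password 123') === true, 'reset');
expect(set_new_password($users, 'alice@example.com', $token, 'another one 456') === false, 'token reused');
expect(attempt_login($users, 'alice@example.com', 'new password 123') === 'ok', 'new login');
echo "all checks passed\n";
```

Run it with `php reset_flow.php`; it prints `all checks passed` and throws on the first failed check. The important property for the thread's question is that at no point does the application hold a password it could mail out: the confirmation and "retrieve password" e-mails that Jonathan describes cannot exist in this design, and a "forgot password" request costs the admin one click plus handing the user a short-lived token.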