I am implementing a login script that includes the ability to email users their username and password (stored in a MySQL database), in case they have forgotten either. The default behaviour of the script is to send the username and a new password, i.e. a temporary password is generated.
I am wondering if there is a way to just email the current password instead, so that the user wouldn’t have to reset it. At the moment the passwords are encrypted, but I can’t work out how this is done. The passwords are in the format:
*2D4CE9DDA883E4FBE985A3439D9DCDCBD88367A0
So when I try to send the current password, the encrypted password is sent.
Is there a way to decrypt the password on sending the reminder email, or do I have to leave it as it is?
Thanks,
Nick
You really shouldn’t do this, even if it is possible (which I doubt). Email is extremely insecure, and users tend to reuse passwords:
Just give them a new password like everyone else (and encourage or require them to change it on their next login).
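The reset flow recommended in the reply above, as an added example that is not part of the original thread: a random temporary password replaces the stored hash, only the hash is kept, and the account is flagged so the user must choose a new password on the next login. The user record fields, the one-hour lifetime and the PBKDF2 parameters are assumptions made for illustration, and the salted hash here is not the scheme that produced the value shown in the question.

```python
from __future__ import annotations
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value)
TEMP_TTL = 3600        # assumed: temporary password is valid for one hour

def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted one-way hash; the plaintext cannot be recovered from it."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def issue_temporary_password(user: dict, now: float | None = None) -> str:
    """Replace the stored hash; the return value goes into the email only."""
    now = time.time() if now is None else now
    temp = secrets.token_urlsafe(12)          # 96 bits from the OS CSPRNG
    user["password_hash"] = hash_password(temp)
    user["must_change"] = True
    user["temp_expires"] = now + TEMP_TTL
    return temp

def change_password(user: dict, new_password: str) -> None:
    """Store the user's own choice and clear the temporary-password state."""
    user["password_hash"] = hash_password(new_password)
    user["must_change"] = False
    user["temp_expires"] = None

def login(user: dict, password: str, now: float | None = None) -> str:
    """Return 'ok', 'change_required' or 'denied'."""
    now = time.time() if now is None else now
    if not verify_password(password, user["password_hash"]):
        return "denied"
    if user["must_change"]:
        if now > user["temp_expires"]:
            return "denied"                   # temporary password has expired
        return "change_required"              # force a new password first
    return "ok"

if __name__ == "__main__":
    # Constructed sample account, not data from the post
    user = {"username": "nick", "password_hash": hash_password("old-secret"),
            "must_change": False, "temp_expires": None}
    temp = issue_temporary_password(user)
    print(login(user, "old-secret"), login(user, temp))
```

Because the database only ever holds the salted hash, the reminder email can carry the temporary password but never the user's previous one.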