I need to implement a Forgot Password page, but my passwords are salted & hashed. So I can’t retrieve them conventionally. My idea was to do the following:
- When a user clicks the Forgot Password link, they naturally need to type in their email address (which is also their username).
- Their password gets reset to a hashed & salted password I made. Then, I send an email to them which contains a link to a new page where they can type in their new password.
- The link contains the new hashed & salted password (as a $_GET variable), which is just for authentication purposes.
- I just grab the $_GET variable from the link, authenticate it against the entry in the DB, then hash & salt the new password and insert it into the DB.
How safe is this, for a site that won’t easily be targeted by spammers and brute-force attackers?
Thanks in advance.
This sounds fine; for total security on a more frequented site however, a slightly different method would be worth considering:
- Have the user type in their E-Mail address as usual.
- Populate a second password field with the random password you build and send out.
- Populate an additional column with the date and time the second password was generated.
- If the user doesn’t react (i.e. log in with the new password) within 24 hours, remove the password from the second column.
- In the E-Mail with the new password, explain to the user that if they didn’t request the new password, they can just ignore it.
This way, a third party entering a user’s E-Mail address can’t block a user from their own account by resetting the password completely.
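The scheme in this answer, worked through as an added example that is not part of the original question or answer: the temporary password lives in its own column next to a generation timestamp, the user's real password is left untouched, and the temporary one stops working after the window passes. The in-memory user store, the sample e-mail addresses, PBKDF2-HMAC-SHA256 as the salted hash, and the 24-hour window are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

# Assumed parameters (not from the original post). Raise the iteration count
# for production; it is kept moderate here so the example runs quickly.
PBKDF2_ITERATIONS = 100_000
TEMP_PASSWORD_TTL = timedelta(hours=24)
# Fixed reference time so the walkthrough below is deterministic (constructed).
EPOCH = datetime(2024, 1, 1, 12, 0)


def hours_later(n: float) -> datetime:
    return EPOCH + timedelta(hours=n)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash of a password; only this value is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    email: str
    salt: bytes
    password_hash: bytes
    # The answer's second password column, plus the column recording when it
    # was generated. Both are empty unless a reset is pending.
    temp_salt: Optional[bytes] = None
    temp_password_hash: Optional[bytes] = None
    temp_generated_at: Optional[datetime] = None


class UserStore:
    """Stand-in for the users table (constructed, in-memory)."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def register(self, email: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[email] = User(email, salt, hash_password(password, salt))

    def request_reset(self, email: str, now: datetime) -> Optional[str]:
        """Forgot-password step: generate a random temporary password and store
        its salted hash and the generation time. The real password is NOT
        touched, so a stranger submitting this address cannot lock the owner
        out. Returns the plaintext to put in the e-mail, or None for an unknown
        address (respond to the browser identically in both cases)."""
        user = self.users.get(email)
        if user is None:
            return None
        temp_password = secrets.token_urlsafe(24)
        user.temp_salt = secrets.token_bytes(16)
        user.temp_password_hash = hash_password(temp_password, user.temp_salt)
        user.temp_generated_at = now
        return temp_password

    def _expire_temp(self, user: User, now: datetime) -> None:
        """Clear the second column once the window has passed."""
        if user.temp_generated_at is not None and now - user.temp_generated_at > TEMP_PASSWORD_TTL:
            user.temp_salt = user.temp_password_hash = user.temp_generated_at = None

    def authenticate(self, email: str, password: str, now: datetime) -> Optional[str]:
        """Return "password" or "temp" for the credential that matched, else None."""
        user = self.users.get(email)
        if user is None:
            return None
        self._expire_temp(user, now)
        if hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
            return "password"
        if user.temp_password_hash is not None and hmac.compare_digest(
            hash_password(password, user.temp_salt), user.temp_password_hash
        ):
            return "temp"
        return None

    def set_password(self, email: str, new_password: str) -> None:
        """Called once the user is logged in (e.g. with the temporary password)."""
        user = self.users[email]
        user.salt = secrets.token_bytes(16)
        user.password_hash = hash_password(new_password, user.salt)
        # A replaced temporary password must not stay valid for its remaining window.
        user.temp_salt = user.temp_password_hash = user.temp_generated_at = None


def demo() -> Dict[str, bool]:
    """Walk through the flow with constructed data; each value should be True."""
    store = UserStore()
    store.register("alice@example.com", "correct horse battery staple")
    temp = store.request_reset("alice@example.com", EPOCH)
    return {
        "owner_still_logs_in_with_real_password":
            store.authenticate("alice@example.com", "correct horse battery staple", EPOCH) == "password",
        "temp_password_works_inside_window":
            store.authenticate("alice@example.com", temp, hours_later(23)) == "temp",
        "temp_password_dead_after_window":
            store.authenticate("alice@example.com", temp, hours_later(25)) is None,
        "second_column_cleared_on_expiry":
            store.users["alice@example.com"].temp_password_hash is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the code makes explicit: `authenticate` compares hashes with `hmac.compare_digest` rather than `==`, and `request_reset` returns the plaintext temporary password only so it can be put in the e-mail; the database never sees it, and nothing derived from the stored hash is placed in a link. Each request still sends an e-mail, so rate-limit the form per address and per client if the site is exposed to spammers.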