Whenever I make a user registration site or something else that requires a password, I encrypt it so that in the database, it is unreadable.
If someone forgets, the encryption is one way so it cannot be decrypted. In order to get them back in, I would need to reset the password to something I know, and then have them change their password later.
Does this mean that every website that is able to tell you what your password was when you forgot uses 2 way encryption (encrypt + decrypt, aka administrator could decrypt your password if he wanted to see what it was) or stores your password in plain text? Is there any scheme set up so that only users are able to decrypt their own password, kinda like a public/private key?
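
The one-way storage and reset-instead-of-recover flow described in the question, as an added example that is not part of the original post. The function names, the in-memory `USERS` store, the PBKDF2 iteration count and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}            # constructed in-memory stand-in for the user table
ITERATIONS = 600_000  # assumed PBKDF2 work factor
RESET_TTL = 15 * 60   # assumed reset-token lifetime in seconds

def _derive(password, salt):
    # One-way and deliberately slow: the stored value cannot be turned back
    # into the password, so nobody (admin included) can "tell you" what it was.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(user, password):
    salt = secrets.token_bytes(16)  # per-user random salt
    USERS[user] = {"salt": salt, "hash": _derive(password, salt), "reset": None}

def verify(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    # Re-derive from the attempt and compare in constant time.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))

def start_reset(user, now=None):
    # The token is sent to the user out of band (e.g. e-mail); only its hash
    # is stored, so a database leak does not expose usable reset tokens.
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).digest()
    USERS[user]["reset"] = (digest, now + RESET_TTL)
    return token

def finish_reset(user, token, new_password, now=None):
    rec = USERS.get(user)
    if rec is None or rec["reset"] is None:
        return False
    digest, expires = rec["reset"]
    rec["reset"] = None  # single use: any attempt consumes the pending reset
    now = time.time() if now is None else now
    presented = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(digest, presented):
        return False
    # The user chooses the new password; the site never learns the old one.
    salt = secrets.token_bytes(16)
    rec["salt"], rec["hash"] = salt, _derive(new_password, salt)
    return True
```

With this layout the user picks the replacement password directly through the token, so the operator never has to set it "to something I know".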