• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 388
  • Last Modified:

asp:PasswordRecovery - show password on screen

Hi
I'm developing an intranet where a lot of users dont have an email address so i need to do a password recovery by asking them their security question, and then reveal the password on screen

Is this possible ?
I'm really after the code or a tutorial that shows how to do this
i've looked and all i can find are the standard tutorials that email the password

Thanks
0
websss
Asked:
websss
  • 2
1 Solution
 
Nicholas FordCommented:
If they send the password via email, just change the script so that instead of sending the email it displays the result on the page.  Remember, the only way to show a users password again is if it's not stored in an encrypted format (i.e., MD5 hash).
0
 
websssAuthor Commented:
it's encrupted
I can see salt etc in the DB

so is my only option an email?
0
 
Nicholas FordCommented:
As it is encrypted, you can not feasibly retrieve the original email.  All you can do is take user input, hash it using the salt (using the same/original hashing function) and compare the resulting hash with what's stored in the database.

So for forgotten passwords you will need to have users reset their password after passing the security question.  You can do this either way (immediately on the page or by sending a link via email).  The best way would be considered to email the link so that it's more likely that the user is the one resetting the password.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now