How to: Recover account password via Account Manager
Posted: 23 Jul 2008, 07:12
Hi all,
here are some thoughts about changing a forgotten password through the account
manager.
Approach I: The user enters his username, mail address and his new password
twice, and the procedure is finished. Maybe he gets informed via mail.
Approach II: The user enters his username and mail address. A new password will
be generated by the server and sent via mail to the user.
Approach III: The user enters his username and mail address. He gets a
mail containing a link with his username and a generic unique key. The link
takes him to a form where he can change his password if the unique key and
username are correct.
Imo the third approach is the safest. Only with the knowledge of a username and
a password one shouldn't be able to change a password directly. We should
validate the wish of changing via mail and an active response of the owner of
the mail account.
One problem in approach III is that atm there is no field in the database to
store the unique key sent to the user.
Therefore I have another three approaches:
1.) Extend the table tmw_accounts with this field
2.) Use a second database file only for account manager needs.
3.) Generate a deterministic key that could be validated by the account manager
via known parameters. Maybe a combination of a secret salt, username and
mail address.
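The flow of approach III with the deterministic key from option 3, as an added example that is not code from the post or from the TMW account manager. The key is an HMAC under a server-side secret over the username, mail address, the account's current password hash and an expiry time, so no extra database column is needed; including the password hash makes the key stop working once the password has been changed, and the expiry bounds how long a leaked mail stays usable. The secret value, the reset URL, the in-memory stand-in for the tmw_accounts table and the PBKDF2 password format are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed: a long-lived secret loaded from server-side config, never sent to users.
SERVER_SECRET = bytes.fromhex(
    "9f1c0a7e4b2d8c6e1a3f5b7d9e0c2a4f6b8d0e1f3a5c7e9b1d3f5a7c9e0b2d4f"
)
RESET_TTL = 3600  # seconds a reset link stays valid
BASE_URL = "https://example.invalid/account/reset"  # assumed account-manager URL


def hash_password(password, salt=None):
    """Salted PBKDF2 hash stored as 'salthex$digesthex' (assumed storage format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def check_password(password, stored):
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


# Constructed stand-in for the tmw_accounts table: username -> record.
ACCOUNTS = {
    "alice": {"email": "alice@example.invalid", "password": hash_password("old-password")},
}


def reset_key(username, email, password_hash, expires, secret=SERVER_SECRET):
    """Deterministic key: HMAC-SHA256 over the known parameters, no stored nonce."""
    parts = [username, email.strip().lower(), password_hash, str(expires)]
    # Length-prefix every field so "ab"+"c" and "a"+"bc" cannot produce the same input.
    msg = b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def request_reset(username, email, now=None, accounts=ACCOUNTS):
    """Step 1: user enters username and mail address. Returns the link to mail,
    or None when the pair does not match. The web form should answer identically
    in both cases so it does not reveal which usernames exist."""
    now = int(time.time() if now is None else now)
    rec = accounts.get(username)
    if rec is None or rec["email"].lower() != email.strip().lower():
        return None
    expires = now + RESET_TTL
    key = reset_key(username, rec["email"], rec["password"], expires)
    return BASE_URL + "?" + urlencode({"user": username, "exp": expires, "key": key})


def complete_reset(link, new_password, now=None, accounts=ACCOUNTS):
    """Step 2: the form behind the link checks username, expiry and key, then
    sets the new password. Returns True on success, False on any failure."""
    now = int(time.time() if now is None else now)
    q = parse_qs(urlsplit(link).query)
    try:
        username, expires, key = q["user"][0], int(q["exp"][0]), q["key"][0]
    except (KeyError, ValueError, IndexError):
        return False
    rec = accounts.get(username)
    if rec is None or now > expires:
        return False
    expected = reset_key(username, rec["email"], rec["password"], expires)
    if not hmac.compare_digest(expected, key):
        return False
    # New salt and hash: every previously mailed key for this account is now invalid.
    rec["password"] = hash_password(new_password)
    return True
```

Because the key is recomputable from stored fields, the only state that changes between steps is the password hash itself; a second click on an already-used link, an expired link, or a link with a modified username or key all fail the same check.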