Should I even use hash passwords in this situation?

Question

Should I even use hash passwords in this situation?

My site does not contain too sensitive data. I think about storing passwords, because if the user wanted to receive his password by e-mail (if he lost it), then I could send it to them, and not do something bulky and exhausting for users, such as sending them a new password was created (it is also ineffective).

Should I just keep them as is?

+3

passwords hash

Gal Dec 28 '09 at 10:50

source share

9 answers

Why a dilemma? You probably shouldn't be designing an account management system yourself. Take some standard password management component and save yourself debugs and security errors.

+9

Pavel Radzivilovsky Dec 28 '09 at 10:55

source share

: YES, HASH (AND SALT) PASSWORDS, .

, , , , - , .

+8

David Hall 28 . '09 10:54

- - , , - .

+7

Kobi 28 . '09 10:52

- , : . , , .

, , .

+4

Rubens Farias 28 . '09 10:54

. , . , , , . , ( ), .

+2

Marcelo Cantos 28 . '09 10:54

. , , , , .

+2

chburd 28 . '09 10:57

openid (http://openid.net/) .

+1

Numenor 28 . '09 12:06

Definitely hash them; there is no reason not to. You can even encrypt the password in the user's browser and simply transfer the hash, for example. with the code used here .

0

martinus Dec 28 '09 at 11:17

source share

Emil Vikström · Accepted Answer · 2009-12-28T10:52:45+0000

No, you have their hash. Most users have the same password on multiple sites, so even if your site is not too sensitive, there may be other sites with the same username and password that are more sensitive.

If users forget their passwords, send them a new one.

Should I even use hash passwords in this situation?

More articles: