> Hashing passwords may be the way to go, but how does everyone handle
> emailing lost passwords to users? Just assign them a new password and
> force them to use it?
>
> But I guess big sites (like Amazon) don't hash because they send the
> current password.

If you assign them a new password, you can still allow them to change that password once they've logged in ... Users who actually set their own passwords _tend_ to remember them (although there are exceptions, of course) ...

Amazon either doesn't encrypt the passwords going into the db or they use a 2-way encryption routine with a key that they keep / manage internally...

Isaac Dealey
www.turnkey.to
954-776-0046
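
The reset flow discussed in the message above, as an added example that is not part of the original post: passwords are stored only as salted one-way hashes, a lost password is replaced by a random temporary one, and the account is flagged so the user must choose a new password after logging in. The function names, the in-memory `USERS` store and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for the users table (assumption).
USERS = {}
ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    # One-way, salted, deliberately slow: the stored value cannot be mailed back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def set_password(user: str, password: str, must_change: bool = False) -> None:
    salt = secrets.token_bytes(16)  # fresh salt on every password change
    USERS[user] = {"salt": salt, "hash": _hash(password, salt),
                   "must_change": must_change}


def reset_lost_password(user: str) -> str:
    """Replace the forgotten password with a random temporary one.

    The plaintext is returned once so it can be mailed; only its hash is kept.
    """
    temp = secrets.token_urlsafe(12)
    set_password(user, temp, must_change=True)
    return temp


def login(user: str, password: str) -> str:
    rec = USERS.get(user)
    if rec is None:
        return "denied"
    # Constant-time comparison of the recomputed hash with the stored one.
    if not hmac.compare_digest(rec["hash"], _hash(password, rec["salt"])):
        return "denied"
    return "change_required" if rec["must_change"] else "ok"


def change_password(user: str, current: str, new: str) -> bool:
    # Works for both a normal change and the forced change after a reset.
    if login(user, current) == "denied":
        return False
    set_password(user, new)  # clears the must_change flag
    return True
```

Because only the hash is stored, the old password stops working the moment the reset is issued, and the temporary one stops working as soon as the user picks a replacement.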

