Whenever I make a site or application that involves any kind of user validation, I use login/password combinations. Login and password get stored in a database, the login in plain text, the password hashed. When the user forgets his password, make sure there is a mechanism to create a new one and send that to a pre-approved email address.
Rationale is that hashing passwords irreversibly is the only way to guarantee that NO ONE can access the passwords. Not even staff. Because if passwords are readable, sooner or later someone will do so. It may take years, but one day someone will.

Now what about this history... http://news.bbc.co.uk/2/hi/uk_news/england/shropshire/7585098.stm

The reassuring note that the staff member involved is not that reassuring to me. Actually to me it is rather scary to know that Lloyds stores passwords either plain-text or with a reversible hash, permitting god knows who to read the password.

Moral of the story: NEVER EVER STORE PASSWORDS PLAINTEXT. One doesn't even store mailing-list passwords plaintext, not to mention passwords of any service involving money...

Marc
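The storage scheme described above (login in plain text, password hashed irreversibly, reset by issuing a fresh password), written out as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt and an iteration count chosen by me; the in-memory USERS dict stands in for the database, and sending the new password to the pre-approved address is left to the caller.

```python
import hashlib
import hmac
import os
import secrets

# Assumed parameters (my choice, not from the post): a slow, salted KDF so a
# leaked table cannot simply be reversed or cheaply brute-forced.
ITERATIONS = 300_000   # tune upward for your hardware
SALT_BYTES = 16

def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

# Constructed in-memory "database": login in plain text, password hashed.
USERS = {}

def register(login, password):
    USERS[login] = hash_password(password)

def check_login(login, password):
    stored = USERS.get(login)
    if stored is None:
        hash_password(password)   # burn the same time so timing does not leak logins
        return False
    return verify_password(password, stored)

def reset_password(login):
    """Forgotten password: generate a fresh random one, store only its hash,
    and return the clear value so the caller can mail it to the pre-approved
    address. Nothing readable by staff ever sits in USERS."""
    new_password = secrets.token_urlsafe(12)
    USERS[login] = hash_password(new_password)
    return new_password
```

Because the salt is random per user, two accounts with the same password store different records, and the clear password is never recoverable from what is stored.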