by tonyarkles
5256 days ago
I was just thinking about this too. You could do the normal hash approach, but also encrypt the password with asymmetric encryption (public/private keys). The public key goes on the server to encrypt the password, the private key gets kept somewhere else securely. When a user forgets his or her password, you use the private key to decrypt it and give it to them. Depending on how securely you keep the private key (say, on a USB key, kept in a lock box), it might be a hassle, but I'm pretty sure it'd be a secure way to still have access to the cleartext passwords.
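The scheme described in the comment above, written out as an added example (this is not code from the commenter or from any project): the server keeps a salted hash for normal login checks and, beside it, the password encrypted to an RSA public key with OAEP; the matching private key lives off the server, and only the recovery path ever touches it. Function names (`NewEscrowKey`, `Enroll`, `Verify`, `Recover`), the record layout and the OAEP label are assumptions made for the example; the salted SHA-256 stands in for a real password hash (bcrypt, scrypt or Argon2) only so the block stays stdlib-only.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// oaepLabel binds the ciphertext to this purpose; encrypt and decrypt must agree on it.
// (Assumed value for the example.)
var oaepLabel = []byte("password-escrow")

// Record is what the server stores per user: a salted hash for login checks,
// plus the password encrypted to the offline public key for recovery.
type Record struct {
	Salt        []byte
	Hash        []byte
	Recoverable []byte // RSA-OAEP ciphertext; only the offline private key opens it
}

// NewEscrowKey generates the key pair. In the scheme from the comment the
// private half is generated and kept off the server (USB key, lock box);
// the server only ever receives priv.PublicKey.
func NewEscrowKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// hashPassword is a placeholder for a proper password hash; salted SHA-256
// is used here only to keep the example dependency-free.
func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// Enroll builds the stored record using only the public key (server side).
func Enroll(pub *rsa.PublicKey, password string) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	// OAEP with SHA-256 on a 2048-bit key fits messages up to 190 bytes,
	// which covers any realistic password.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(password), oaepLabel)
	if err != nil {
		return Record{}, err
	}
	return Record{Salt: salt, Hash: hashPassword(salt, password), Recoverable: ct}, nil
}

// Verify is the normal login path; the private key is never needed here.
func Verify(rec Record, password string) bool {
	return subtle.ConstantTimeCompare(rec.Hash, hashPassword(rec.Salt, password)) == 1
}

// Recover is the offline "forgot password" path, run wherever the private key lives.
// Decryption with any other key, or a tampered record, fails rather than
// returning garbage, because OAEP checks its padding.
func Recover(priv *rsa.PrivateKey, rec Record) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rec.Recoverable, oaepLabel)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	priv, err := NewEscrowKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample password for the demonstration.
	rec, err := Enroll(&priv.PublicKey, "correct horse battery staple")
	if err != nil {
		panic(err)
	}
	fmt.Println("login ok:", Verify(rec, "correct horse battery staple"))
	fmt.Println("wrong password rejected:", !Verify(rec, "tr0ub4dor&3"))
	pw, err := Recover(priv, rec)
	fmt.Printf("recovered: %q err=%v\n", pw, err)
}
```

The design point worth seeing in code is the split: `Enroll` and `Verify` need only the public key and the hash, so the server can run indefinitely without the private key present, while `Recover` is the single function that needs it. That also makes the private key the one secret whose compromise turns the entire `Recoverable` column back into cleartext, so its storage, access logging and rotation deserve the same attention the comment gives to keeping it off the server.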