A few examples of unacceptable practices followed by certain websites include:
- Sending your password to your email in plain text.
- Allowing user to set new password just by answering simple personal details like DOB, Zip code etc which might be known to a number of your friends and family members.
Often it is simple enough to implement a password reset functionality with a reset-link that contains a GUID which expires after a certain period of time. It could be more secure, but is a tradeoff between providing greater security and a longer reset process.
One of the major risks of websites with very naive reset procedures is that many people use the same password with multiple websites. So if a user's password gets compromised on a site, then the attacker can easily try those passwords with other services and gain easy access to user data.
Only if the send you your old password. If they reset your password, they can send you the plaintext first, then hash the password and store it in the database.
No. The problem is that email isn't encrypted on the backend. Sending a plain text password means every server between the website's SMTP server and your email provider's SMTP server can see the password.
a) Work once. If you click on a password reset link and it says it's already been used, you know something is up, v.s. someone using the plaintext password to log in before you and you are non the wiser.
b) Expire. Lot's of people won't bother changing the password that was given to them, so anyone who comes across a plaintext password in the email at a later date would be able to log in.
Temporary plaintext passwords are rare; I don't think I've ever seen one. If you've got as far as temporary plaintext passwords, I'd argue it's a better UX to provide a simple link instead of forcing them to copy and paste something.
- Sending your password to your email in plain text. - Allowing user to set new password just by answering simple personal details like DOB, Zip code etc which might be known to a number of your friends and family members.
Often it is simple enough to implement a password reset functionality with a reset-link that contains a GUID which expires after a certain period of time. It could be more secure, but is a tradeoff between providing greater security and a longer reset process.
One of the major risks of websites with very naive reset procedures is that many people use the same password with multiple websites. So if a user's password gets compromised on a site, then the attacker can easily try those passwords with other services and gain easy access to user data.