Hi,
Generally it is not a good idea to send out plain-text passwords via e-mail, which is the case if the user resets his/her password.
It would be more secure to implement a one-time password reset link. If this would be too difficult and/or would require intensive work to rewrite the system, a password expiration should be implemented. Currently, after resetting the password the user gets a new randomly generated password via e-mail, and the user is not required to change it after logging in. This means that if the e-mail was somehow acquired by an attacker at a later time, the account might still be accessible. To prevent this, a new field would be required in the DB with which the password can be set as expired, and after logging in with the new password the user is required to change the password immediately, like if you call
passwd -e <login>
on a *NIX machine. If the password is set as expired, the user should be blocked from doing anything but changing his/her password.
Cheers,
stiefel
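To make the two options in the post above concrete, here is an added example in Python. It is not the original poster's code and not the code of the system being discussed; it uses an in-memory stand-in for the user table, and the column and function names (password_expired, reset_token_hash, reset_expires_at, authorize) are assumptions. It shows the preferred one-time reset token (the secret part of a reset link, stored only as a hash, expiring and consumed on first use) next to the fallback the post proposes: a random temporary password that is flagged as expired, so that after login the session can do nothing except change the password, in the spirit of `passwd -e <login>`.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 200_000
RESET_TOKEN_TTL = 15 * 60  # seconds a one-time reset link stays valid (assumed policy)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class UserStore:
    """In-memory stand-in for the user table (added example; field names are assumptions)."""

    def __init__(self):
        self.users = {}

    def create_user(self, login, password):
        salt = secrets.token_bytes(16)
        self.users[login] = {
            "salt": salt,
            "pw_hash": _hash_password(password, salt),
            "password_expired": False,  # the new DB field the post proposes
            "reset_token_hash": None,   # for the one-time reset link variant
            "reset_expires_at": 0.0,
        }

    def _set_password(self, login, password, expired):
        user = self.users[login]
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = _hash_password(password, user["salt"])
        user["password_expired"] = expired

    def reset_with_temporary_password(self, login):
        """Fallback: random password to be e-mailed, but marked expired so it only
        allows a password change (the equivalent of `passwd -e <login>`)."""
        temp = secrets.token_urlsafe(12)
        self._set_password(login, temp, expired=True)
        return temp  # this is what the mail would contain

    def issue_reset_token(self, login, now=None):
        """Preferred: one-time reset token. Only its hash is stored, so a leaked
        DB row does not yield a usable link; the link dies after RESET_TOKEN_TTL."""
        token = secrets.token_urlsafe(32)
        user = self.users[login]
        user["reset_token_hash"] = hashlib.sha256(token.encode()).digest()
        user["reset_expires_at"] = (now if now is not None else time.time()) + RESET_TOKEN_TTL
        return token

    def redeem_reset_token(self, login, token, new_password, now=None):
        user = self.users.get(login)
        if user is None or user["reset_token_hash"] is None:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, user["reset_token_hash"]):
            return False
        if (now if now is not None else time.time()) > user["reset_expires_at"]:
            return False
        # Consume the token before setting the password: it must never work twice.
        user["reset_token_hash"] = None
        user["reset_expires_at"] = 0.0
        self._set_password(login, new_password, expired=False)
        return True

    def login(self, login, password):
        """Returns a session dict, or None on bad credentials. The session carries
        the must_change_password flag that every request handler has to honour."""
        user = self.users.get(login)
        if user is None:
            return None
        if not hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"]):
            return None
        return {"login": login, "must_change_password": user["password_expired"]}

    def change_password(self, session, old_password, new_password):
        user = self.users[session["login"]]
        if not hmac.compare_digest(_hash_password(old_password, user["salt"]), user["pw_hash"]):
            return False
        self._set_password(session["login"], new_password, expired=False)
        session["must_change_password"] = False
        return True


def authorize(session, action):
    """Gate for every request: an expired-password session may only change the password."""
    if session["must_change_password"]:
        return action == "change_password"
    return True


if __name__ == "__main__":
    store = UserStore()
    store.create_user("alice", "correct horse")
    temp = store.reset_with_temporary_password("alice")  # would be e-mailed
    session = store.login("alice", temp)
    print("profile allowed with temp password:", authorize(session, "view_profile"))
    store.change_password(session, temp, "new and private")
    print("temp password still works:", store.login("alice", temp) is not None)
```

The important property of the fallback is visible in the last two lines: once the legitimate user has changed the password, the copy sitting in the mailbox is dead, which is exactly what the post asks for. The authorize gate has to sit in front of every handler, not only the login page, otherwise an expired-password session can still read data.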