[Wikipedia-l] Password handling--request for input.

Jimmy Wales jwales at bomis.com
Tue May 28 22:47:57 UTC 2002


lcrocker at nupedia.com wrote:
> (2) Change the feature to "email me a new password".  Passwords will 
> be encrypted, and when the user forgets his, the system will create a 
> new random password and email _that_.  The user will then log in and 
> change his password (hopefully to something he can remember).  
> 
> Plaintext passwords won't exist anywhere with options 1 or 2--this 
> is the most secure.

The slashdot software does something similar to this.  Here's something to think
about.

Each account should have a field for 'password' (encrypted, of course)
and 'new password' (encrypted, of course).  When a new password is
requested, it is sent out (unencrypted) and stored (encrypted) in the
'new password' field.  But the old password can be untouched and still
functional until the new password is used, at which time it is copied
to the 'password' field.

The point of these steps is to prevent a certain kind of
denial-of-service attack.  If I don't like you, maybe I'll just sit
here requesting a new password for you, over and over, thus forcing
you to be logged out over and over.

But if the old password continues to work, then all the repeated
requests do is barrage you with annoying email -- this email should
identify the ip number of the person clicking on 'send a new
password'.

--Jimbo
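The two-field scheme Jimbo sketches above, written out as an added example (it is not Wikipedia or MediaWiki code, and the `Account` record, the function names and the addresses are invented for illustration). Where the mail says "encrypted" it uses a salted PBKDF2 hash, which is what a practitioner would store today. The point it demonstrates is the one the mail makes: repeated "send a new password" requests overwrite only the pending field, so the owner's current password keeps working, and each request is logged with the requester's IP for the notification e-mail.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Optional

SALT_LEN = 16


# Hypothetical in-memory account record: the mail's 'password' and
# 'new password' fields, both held as salted hashes, never plaintext.
@dataclass
class Account:
    username: str
    password_hash: bytes
    new_password_hash: Optional[bytes] = None
    reset_log: list = field(default_factory=list)  # (requester_ip, mail body)


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the salt is stored in front of the digest.
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hash_password(password: str) -> bytes:
    return _hash(password, os.urandom(SALT_LEN))


def verify(password: str, stored: bytes) -> bool:
    salt = stored[:SALT_LEN]
    return hmac.compare_digest(_hash(password, salt), stored)


def request_new_password(acct: Account, requester_ip: str) -> str:
    """Generate a random password, store only its hash in the 'new password'
    field and return the plaintext for the e-mail.  The current password is
    left untouched, so repeated requests cannot log the owner out."""
    new_pw = secrets.token_urlsafe(12)
    acct.new_password_hash = hash_password(new_pw)
    # The e-mail names the IP of whoever clicked 'send a new password'.
    body = (
        f"A new password for '{acct.username}' was requested from {requester_ip}.\n"
        f"New password: {new_pw}\n"
        "Your old password keeps working until you log in with the new one."
    )
    acct.reset_log.append((requester_ip, body))
    return new_pw


def login(acct: Account, password: str) -> bool:
    """Accept the current password or the pending new one.  Using the new
    one copies it into the 'password' field and clears the pending field."""
    if verify(password, acct.password_hash):
        return True
    if acct.new_password_hash is not None and verify(password, acct.new_password_hash):
        acct.password_hash = acct.new_password_hash
        acct.new_password_hash = None
        return True
    return False


def demo():
    """Constructed scenario: three nuisance resets, then a real one."""
    acct = Account("alice", hash_password("correct horse"))
    for _ in range(3):
        # Nuisance requests from a documentation address (RFC 5737).
        request_new_password(acct, "192.0.2.7")
    old_still_works = login(acct, "correct horse")
    latest = request_new_password(acct, "198.51.100.4")
    new_works = login(acct, latest)
    old_after_switch = login(acct, "correct horse")
    pending_cleared = acct.new_password_hash is None
    return old_still_works, new_works, old_after_switch, pending_cleared, len(acct.reset_log)


if __name__ == "__main__":
    print(demo())  # (True, True, False, True, 4)
```

Note that each new request replaces the previous pending password, so only the most recently mailed one is valid; the requester's IP in `reset_log` is what the notification mail would show the account owner.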


