Monday, 29 October 2007

Forgotten password - It's a security risk!

The 'Forgotten password' function on websites is not a feature. It is a security risk!

The worst of all are the ones that send your current password to your email account. Consider what is required to do this. The password cannot have been hashed, because a hash cannot be turned back into the password. So the password must be stored on the server in plain text, or encrypted with a key the server also holds, which is little better: whoever compromises the server gets the key along with the ciphertext. In the event that the server is compromised, every user's password is directly accessible to the attacker. If you're a software developer, always store password hashes and not the passwords themselves, and make them salted hashes computed with a deliberately slow function such as bcrypt or PBKDF2, so that a stolen table cannot be brute-forced cheaply. The only exception is when you specifically need the password in its plain text form, and then you should know exactly why.

Sites that allow users to reset their password by answering a security question are also bad. The problem with this approach is that the questions are often so simple that your neighbours could probably figure out the answers. Take, for example, 'What is your pet's name?' or 'What is your mother's maiden name?' Just think how many people actually know the answer to that question and could potentially hijack your account. Think Paris Hilton. While some sites allow users to disable the function by leaving the security questions empty, most sites make them mandatory. In this case you can still "disable" the function by entering a long random string as the answer. Treat that string as a second password: it only protects you if nobody can guess it, and it is of no use to you either unless you keep it somewhere safe.

Security and usability don't mix. Every additional way to recover or change your password is an additional way to hijack your account. Is it worth the risk just so that forgotten-password situations are easier to resolve? I admit I've had to use the 'Forgotten password' function a few times before, but it pays to be aware of the risk. Please check out my next blog post on password management tips. I wonder when that'll be.
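To make the two points above concrete (why a site that can email you your current password must be storing it recoverably, and what a recovery path looks like when it is designed to be hard to abuse), here is an added example in Python. It is not code from the original post. It contrasts a deliberately weak plaintext store with one that keeps only a salted PBKDF2-HMAC-SHA256 digest from the standard library and offers a single-use, expiring reset token instead of password recovery. The in-memory dicts stand in for a database, the PBKDF2 work factor is an assumption to be tuned per deployment, and the caller is assumed to pass in the current time so the expiry logic is testable.

```python
import hashlib
import hmac
import os
import secrets

# Constructed example: two in-memory user stores. The first is the design behind
# "email me my current password"; the second stores only salted, slow hashes and
# offers a single-use, expiring reset token instead of handing the password back.

ITERATIONS = 100_000  # assumption: PBKDF2 work factor, tune to your hardware


class PlaintextStore:
    """Deliberately weak: keeps the password itself so it can be sent back.
    Anyone who can read this table (SQL injection, a stolen backup) has every password."""

    def __init__(self):
        self._users = {}

    def register(self, user, password):
        self._users[user] = password

    def verify(self, user, password):
        return self._users.get(user) == password

    def recover(self, user):
        # The "send me my password" feature: only possible because storage is plain text.
        return self._users[user]


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest) for a salted PBKDF2-HMAC-SHA256 of the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def _token_digest(token):
    # Reset tokens are stored hashed as well, so a database read yields nothing usable.
    return hashlib.sha256(token.encode("utf-8")).digest()


class HashedStore:
    """Stores salt + PBKDF2 digest per user; the password itself is never recoverable."""

    def __init__(self):
        self._users = {}         # user -> (salt, digest)
        self._reset_tokens = {}  # user -> (sha256(token), expiry timestamp)

    def register(self, user, password):
        self._users[user] = hash_password(password)

    def verify(self, user, password):
        record = self._users.get(user)
        if record is None:
            hash_password(password)  # spend the same time so timing does not reveal valid usernames
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)

    def recover(self, user):
        raise NotImplementedError("only a salted hash is stored; the password cannot be recovered")

    def issue_reset_token(self, user, now, ttl=900):
        """Create a single-use token valid for ttl seconds and return it for out-of-band delivery."""
        if user not in self._users:
            return None  # the HTTP response should still look identical, to avoid leaking usernames
        token = secrets.token_urlsafe(32)
        self._reset_tokens[user] = (_token_digest(token), now + ttl)
        return token

    def reset_with_token(self, user, token, new_password, now):
        """Set a new password if the token is current and matches; consume it on success only."""
        record = self._reset_tokens.get(user)
        if record is None:
            return False
        digest, expires = record
        if now > expires:
            del self._reset_tokens[user]  # stale token is useless, drop it
            return False
        if not hmac.compare_digest(digest, _token_digest(token)):
            return False  # wrong token does not consume the real one (no denial of service)
        del self._reset_tokens[user]  # single use
        self._users[user] = hash_password(new_password)
        return True
```

Note what the hashed store cannot do: `recover` has nothing to return, which is exactly the property you want after a breach. The reset path still counts as one more way into the account, so it is kept narrow: the token is random, hashed at rest, bound to one user, expires, and is consumed on first successful use.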
