Re: [ADMIN] password retrieval

From: Joseph Kingry (jkingry@UWATERLOO.CA)
Date: 09/08/98

I may be coming into this mid-stream but anyhow:
        Passwords and retrieving them etc.
Most, if not all, systems/programs that contain any passwords never let you
openly see the unencrypted password text. There is never any need for it and
doing so circumvents privacy/security etc. etc. etc.  None of these products
and the people using them seem to have a problem with this.

Problems with passwords are usually dealt with like this:
User: I forgot my password.

(optional step) Admin: Ok, just give me some background information (that
they have stored such as birthday, middle name, last login, character
history details, whatever)
User: (provides check info which is visible to admin)

Admin: I'm going to change your password to "test" so you should be able to
log in now.

User: Thanks.

That's the way I've always seen it handled and done it on both sides of the
admin/user coin whether it be for UNIX administration, ISP, customer
accounts etc.

I'm not saying that a visible password is unethical, bad, etc. I just don't
think there really is a need if one follows already existing procedures.
I.e. not re-inventing the wheel.

My 2^-10 cents,

Joe Kingry

