Alternative to recover ASP.NET MVC password

Viewed 284 times

-3

By default the passwords are recovered by sending email. I will be responsible for viewing passwords and delivering them to users if they forget. I cannot use emails to reset because users identify themselves through registration, that is, in the database there are no e-mail addresses for each user. So, as an administrator, I need to program so that I can view the password, and then inform the user who requested it.

  • 2

    How would you ensure that the user who is trying to recover the password is the owner of the password? The purpose of the email or sms is precisely this. The question is outside the scope because it is not really a question related to programming. You basically want an idea for your system.

1 answer

2

Answering your question: depending on how the password is stored, it is possible, but unsafe and not at all advisable.

For this to be possible you would need:

  1. Your password is stored unencrypted in the database
  2. An alleged "admin" should have a way to query users and be able to see the password.

The above two items should be inconceivable in any system.

Alternatively what can be suggested:

  1. Use secret questions to release password reset.
  2. Use personal data for password recovery (personal documents, date of birth, sex, family name) or even a combination of them.
  3. And a scenario I’ve seen a lot in old corporate systems: administrator(s) who has (have) access to reset the person’s password if they identify themselves. Within a corporation this is even possible since you can easily identify a person by using license plate and other internal resources.

The 3 items above are not yet advisable, but are not as bad as having access to the password. Note that all options should always be to reset the password and never to query it. Even those who have access to the system database should not know what the users' passwords are.

  • Thanks for the tips. I already searched on the internet for a way to use questions to reset passwords but did not find one. I don’t know how to write the code. If you can help, thank you.

  • @Dpwsreceptive, I think in this case it would be another question. You would need to open a new question with what you have already tried to do, details of how you are storing your user, how you are providing the questions, how he chooses the answers and in which of those parts you have a problem with.
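
The reset-only approach from the answer, as an added example that is not part of the original thread: the administrator triggers a reset after checking identity, hands over a one-time temporary password, and the database only ever holds a salted hash. `UserRecord`, `AdminPasswordReset`, the PBKDF2 iteration count and the 24-hour expiry are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical user record: only a salted hash is stored, never the password.
public class UserRecord
{
    public byte[] Salt, PasswordHash;
    public bool MustChangePassword;
    public DateTime? TempExpiresUtc;     // set only while a temporary password is active
}

public static class AdminPasswordReset
{
    const int Iterations = 210000;       // assumed PBKDF2-SHA256 work factor
    const string Alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // 32 symbols: raw % 32 is unbiased

    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Stores a fresh salt and hash; temporary = false is the user's own change after login.
    public static void SetPassword(UserRecord user, string password, bool temporary, DateTime nowUtc)
    {
        user.Salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(user.Salt);
        user.PasswordHash = Hash(password, user.Salt);
        user.MustChangePassword = temporary;
        user.TempExpiresUtc = temporary ? nowUtc.AddHours(24) : (DateTime?)null;
    }

    // Run after the administrator has checked the person's identity. The old
    // password is never read; the returned value is displayed once and not stored.
    public static string Reset(UserRecord user, DateTime nowUtc)
    {
        var raw = new byte[12];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var chars = new char[raw.Length];
        for (int i = 0; i < raw.Length; i++) chars[i] = Alphabet[raw[i] % Alphabet.Length];
        var temp = new string(chars);
        SetPassword(user, temp, true, nowUtc);
        return temp;
    }

    public static bool Verify(UserRecord user, string attempt, DateTime nowUtc)
    {
        if (user.TempExpiresUtc.HasValue && nowUtc > user.TempExpiresUtc.Value) return false;
        var candidate = Hash(attempt, user.Salt);
        int diff = 0;                    // compare every byte so timing does not depend on the match
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ user.PasswordHash[i];
        return diff == 0;
    }
}
```

After a successful `Verify` with `MustChangePassword` set, the login action should redirect to a change-password form that calls `SetPassword(user, newPassword, false, nowUtc)`.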
