Forum OpenACS Development: Re: Can question/secret answer be removed from password recovery?

I have to agree with Tom. If people can access your database, a lot has already been lost. Why? You can make yourself SWA with a SQL command. Then you log in to the site, look at the user details, "become this user" and change the password. At least this is what we are doing all the time when a user has lost his password and can't for the heck of it remember it.

So, storing the password unencrypted is preferable if combined with the option to resend the current password to the user. We could make this an optional switch (resend_password vs. create_new_password).

As always there is a catch though: Users are a lazy bunch. They usually use the same password for a couple of websites. Storing the password encrypted prevents the maintainers of the site from accessing your password and trying it out on other sites. Furthermore, sending your current password over the net via email makes it possible for the occasional password-searching filter to obtain your login for other sites.
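The create_new_password side of the switch discussed above, as an added example that is not part of this thread or of OpenACS itself: the database holds only a salted hash, and the recovery mail carries a short-lived one-time token instead of the password, so neither the site maintainers nor a mail-sniffing filter ever sees a credential reusable on other sites. The in-memory store, the function names and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory "user table": only salt + PBKDF2 hash are stored, never the password.
USERS = {}           # username -> (salt, pbkdf2_hash)
RESET_TOKENS = {}    # sha256(token) -> (username, expiry timestamp)
ITERATIONS = 200_000

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password):
    """Store a fresh salt and hash; the plaintext is discarded immediately."""
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt))

def verify_login(username, password):
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(stored, _hash(password, salt))  # constant-time compare

def create_reset_token(username, ttl_seconds=900, now=None):
    """Issue a one-time token to be mailed to the user; only its hash is kept server-side."""
    if username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (username, now + ttl_seconds)
    return token

def redeem_reset_token(token, new_password, now=None):
    """Consume the token (pop = single use), reject if expired, then set the new password."""
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False
    username, expiry = entry
    now = time.time() if now is None else now
    if now > expiry:
        return False
    register(username, new_password)
    return True
```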