Forum OpenACS Development: Re: Can question/secret answer be removed from password recovery?
Maybe it is better to characterize the hashing as a hurdle. In track events, hurdles are added not to prevent the runner from crossing the finish line, but to make it harder. Any security measure that makes it harder is good, IMHO. Storing the password as a hash greatly reduces the number of possible ways an attacker could get into an account. Human engineering is the best example: just call the customer service department and convince someone to give you the password.