[thelist] changing password design
Simon Willison
cs1spw at bath.ac.uk
Fri Sep 12 04:20:06 CDT 2003
Chris W. Parker wrote:
> What's a good secure design for allowing a customer to change their
> password?
>
> I've come up with two options so far:
>
> 1. Take the user to a page that has a small form (three input fields).
> First they enter their old password, then enter the new password twice,
> submit the form and they are done.
>
> 2. They click a link that says something like "Send instructions on changing
> password". The "instructions" in the email are basically a link for the
> user to click with a unique one time use id that is meant to verify that
> the person changing the password is actually the owner of the account.
> Assuming the malicious person does not have access to the victim's email
> box they would not be able to change the victim's password and thus lock
> them out.
I see no advantage of #2 over #1. #1 relies on a "secret" that you can
already assume is secure - their current password. If someone else has
this already then the user's security is already compromised. #2 relies
on something that may be insecure - their inbox. As a simple example,
they could leave their PC on when they go to lunch thus giving an
opportunity for a co-worker to request the instructions to the victim's
inbox, change their password and delete the email before they get back.
I would definitely go with #1.
Cheers,
Simon
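
Option #1 from the thread, as an added sketch that is not code from either poster: the change is gated on the current password, so an unattended logged-in session is not enough on its own. The in-memory `USERS` store, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store standing in for a real database (assumption).
USERS = {}

# Illustrative work factor, not a value taken from the thread.
PBKDF2_ITERATIONS = 200_000


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so the stored value is never the password itself."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def set_password(username: str, password: str) -> None:
    """Store a fresh random salt and the derived hash for this user."""
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt))


def verify_password(username: str, password: str) -> bool:
    """Check a candidate password using a constant-time comparison."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash(password, salt))


def change_password(username: str, old: str, new: str, confirm: str) -> str:
    """The three-field form: old password, then the new password twice."""
    # The current password is the proof of ownership; being logged in is not.
    if not verify_password(username, old):
        return "old password incorrect"
    # The second entry only guards against typos in the new password.
    if not new or new != confirm:
        return "new passwords do not match"
    set_password(username, new)
    return "ok"
```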