Effective techniques for password retrieval in modern web applications
We've been working on a web application wherein we need to implement the traditional web-app functionality of password retrieval. According to the trends there are approaches like:
- Sending Password reset link to user's email.
- Asking Secret Question to the user for Password recovery.
- Resetting the existing Password and creating a new password and sending it to the user. This may also force the user to change the password upon next logon.
Do we have any non-traditional technique for implementing a password retrieval mechanism? What other approaches have you tried for this?
Thanks.
Comments (5)
It depends on the level of security you are aiming for, support costs and usability concerns.
Emailing a password reset link is the preferred approach for a number of reasons:
Support Costs - This is the biggest factor from a business perspective. Users often forget even their password hints or use a fake mailing address or forget their user name. All of these are legitimate concerns for which you might get support requests. This in turn creates another issue: you have to establish the legitimacy of the user by asking them about recent account activity and what not. If you don't provide that level of support a lot of novice users will be disappointed. Emailing a password reset link mitigates these concerns because the users typically have one or two email addresses and they can easily recover their username/password by providing their email address.
Security Concerns - This is the biggest factor from a technical perspective. There are various concerns here which you have to weigh. A compromised email account means the hacker can go and access all of the users' services which allow a password reset link to be emailed. You can settle for a middle ground, which is to email a password reset link to the user which in turn asks the user a password hint question after which it allows them to reset their password. Again, you should never expose the user's password in any medium. In fact, if you have the capability to show them their password your system is already insecure because it implies you are not storing them using a secure hash like SHA-1 and a developer in your company can get at everyone's password.
Usability - This is the biggest factor from the user perspective. Emailing a password reset link requires the user to go and check their email address, which means the time to achieve the task can go up to 2 or even 3 minutes. However, I would think that this is not a big deal. Most users don't seem to mind this because they feel they are at fault and this is a security measure in their best interest. I am only hypothesizing from personal experience and users in general might feel differently. I would put security as a higher priority than the user experience because users will rarely if ever need to retrieve their passwords (user has not logged in for a long time and forgot his password; user had saved his password in the browser which was reinstalled, and some other edge cases).
In my opinion, sending a password reset link to the user's email is the best way. This is the way Digg does it, and this is the way I do it.
But in this method we need to rely on the user being able to access his email.
Regarding the secret question method: more often than not, the secret question's answer is not as secret as we would like. It would be in the best interests of our users to block this method of an "account-hack".
Other options I saw in practice would include:
The above methods are not that simple to implement, but are quite user friendly (since there's nothing new about them and they are present in other day-by-day situations).
A web site and its administrators should not know the clear-text password of its users. There should only be a one-way hash of the password stored for comparison at authentication events. So sending a password clear text should not be an option.
Personally I like the password reset link sent to the user. Remember to expire that link though. Also, notify the user via email of the password reset attempts (can be the same email as the reset link), as well as after the successful reset.
An added approach to the password reset link may be to create a random key that does not go out in the email link that the user will have to type in once the link has been clicked. This would help against people capturing the email.
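The mechanics the two answers above describe (store only a one-way hash of the password, expire the reset link, make it single use, notify the user of the attempt and of the completed reset, and require a second key that never travels in the email) worked through as an added Python example. This is not code from the thread or from any of its posters. The 32-byte URL-safe token, the 30-minute lifetime, the six-digit second code, the salted PBKDF2 password hash, the placeholder host example.invalid and the in-memory dicts standing in for the database and the mail sender are all assumptions.

```python
"""Password-reset flow: hashed, expiring, single-use link tokens plus a second
code delivered on another channel.

Added example for this thread, not code from any of the posters. Assumptions:
32-byte URL-safe tokens, a 30-minute link lifetime, a six-digit second code,
the placeholder host example.invalid, and in-memory dicts standing in for the
database and the mail sender."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

RESET_TTL_SECONDS = 30 * 60      # assumed link lifetime
PBKDF2_ROUNDS = 200_000          # assumed work factor for stored passwords


def _digest(value: str) -> str:
    """Tokens and codes are high-entropy random values, so a plain SHA-256
    digest is enough to make a leaked table useless for forging links."""
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class ResetRequest:
    user_id: str
    token_hash: str   # digest of the token in the emailed link
    code_hash: str    # digest of the code that is NOT in the email
    expires_at: float
    used: bool = False


@dataclass
class ResetService:
    requests: Dict[str, ResetRequest] = field(default_factory=dict)
    password_hashes: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)
    sent_mail: List[Tuple[str, str]] = field(default_factory=list)  # constructed outbox
    clock: Callable[[], float] = time.time   # injectable so expiry can be tested

    def set_password(self, user_id: str, password: str) -> None:
        # Only a salted one-way hash is stored; the site never knows the clear text.
        salt = secrets.token_bytes(16)
        derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.password_hashes[user_id] = (salt, derived)

    def verify_password(self, user_id: str, password: str) -> bool:
        stored = self.password_hashes.get(user_id)
        if stored is None:
            return False
        salt, derived = stored
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, derived)

    def start_reset(self, user_id: str) -> Optional[Tuple[str, str]]:
        if user_id not in self.password_hashes:
            return None   # the HTTP layer should respond identically for unknown users
        token = secrets.token_urlsafe(32)
        code = f"{secrets.randbelow(10**6):06d}"
        req = ResetRequest(user_id, _digest(token), _digest(code),
                           self.clock() + RESET_TTL_SECONDS)
        self.requests[req.token_hash] = req
        # The email carries the link and doubles as the attempt notification.
        # The code is handed over on a separate channel, so capturing the
        # email alone is not enough to complete the reset.
        self.sent_mail.append((user_id, "Password reset requested: "
                               f"https://example.invalid/reset?token={token}"))
        return token, code

    def complete_reset(self, token: str, code: str, new_password: str) -> str:
        req = self.requests.get(_digest(token))
        if req is None:
            return "invalid"
        if req.used:
            return "used"
        if self.clock() > req.expires_at:
            return "expired"
        if not hmac.compare_digest(req.code_hash, _digest(code)):
            return "bad_code"
        req.used = True   # single use
        self.set_password(req.user_id, new_password)
        self.sent_mail.append((req.user_id, "Your password was reset"))
        return "ok"
```

The token is looked up by its digest and the code is compared with `hmac.compare_digest`, so the stored table holds nothing that can be replayed and the comparison does not leak timing. Marking the request used before writing the new password keeps a retried request from resetting twice.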