网站用户重置密码的安全有效方法是什么?

发布于 2024-10-10 14:11:21 字数 161 浏览 8 评论 0原文

许多网站实施不同的方法,我很难决定哪种方法最适合我的网站。

我的用户配置文件包含以下数据:

username
password (in hash/digest form)
email

我希望密码重置方法安全、用户友好且高效。

Many sites implement different methods and I am having a hard time deciding on which method would work best for my site.

My user profiles contain the following data:

username
password (in hash/digest form)
email

I'd like the password reset method to be secure, user-friendly, and efficient.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

想你的星星会说话 2024-10-17 14:11:21

您应该添加两个字段:reset_code 和reset_expiry

这是安全密码重置功能的过程。

  • 用户选择“忘记密码”。

  • 提示用户输入电子邮件/用户名。

  • 如果有效,则生成一个 GUID,并将其存储在 reset_code 中,并将 Now()+24 小时存储在针对该特定用户的数据库中的 reset_expiry 中。

  • 然后,它会向该电子邮件地址发送一封电子邮件,其中包含确认密码重置的链接。此电子邮件将包含指向您网站的链接,其中嵌入了用户的用户名和重置代码。 (这可以阻止恶意用户仅通过知道他们的电子邮件来重置第三方密码)

  • 用户单击电子邮件中的链接后,他们将被定向到您的网站。
    您的网站将验证:用户名和reset_code匹配,并且当前时间未超过reset_expiry时间。

  • 如果一切正常,我们就可以完成密码重置了。这可以通过以下任一方式完成:
    a) 在屏幕上显示一个新的随机生成的密码
    b) 通过电子邮件随机生成的新密码
    c) 能够输入自己选择的密码

You should add two fields, reset_code and reset_expiry

This is the process for a secure password reset functionality.

  • User selects "Forgot password".

  • User prompted for email/username.

  • If valid, generates a GUID, and stores it in reset_code and also stores Now()+24 hours in reset_expiry in the database against that particular user.

  • Then it sends an email to the email address with a link to confirm the password reset. This email would contain a link to your website with the user's username AND reset_code embedded. (This stops a malicious user resetting a third parties password just by knowing their email)

  • Once the user clicks on the link in the email, they will be directed to your website.
    Your website will validate that: the username and reset_code matches, and the current time hasn't exceeded the reset_expiry time.

  • If all is okay, we can complete the password reset. This can be done by either:
    a) Onscreen a new randomly generated password
    b) A new randomly generated password via email
    c) The ability to enter a password of his/her own choosing

把梦留给海 2024-10-17 14:11:21

您不应存储用户的密码,即使是加密形式也不应如此。您应该只存储身份验证所需的哈希/摘要。然后,您无法“恢复”密码(因为您不知道),您只能重置密码,和/或为用户提供一个临时的一次性密码,允许他设置新密码。

更新:如果您执行上述操作,标准程序是使用“要求密码重置”表单。用户输入他的 ID(通常是他的电子邮件),然后生成一个“令牌”(例如,随机字符串),将其存储在具有某个到期日期的某个表中,并连同指向“密码重置”的链接发送到他的电子邮件形式。在这种形式中,将检查令牌,允许用户输入新密码,并指示尝试新的登录。

更新 2:可能会出现一个小隐私问题:如果在请求表单中输入的用户 ID(电子邮件、用户名或其他内容)在我们的数据库中不存在,我们该怎么办?输出消息“用户不存在。检查 ID 并重试。”可能没问题,但在某些情况下会导致隐私问题:任何人都可以检查其他人是否在您的数据库中注册!如果您想避免这种情况,即使未找到用户(因此实际上并未发送邮件),您也必须输出相同的消息(“已发送带有说明的邮件...”)。
类似的隐私问题建议当用户尝试登录失败时仅输出消息“登录不正确:错误的用户或密码” - 不要透露用户或密码是否不正确。

You should not store the passwords of your users, not even in encrypted form. You should only store the hash/digest necessary for authentication. Then, you can't "recover" the password (because you don't know it), you can just reset it, and/or give the user a temporary one-time password that allows him to set a new password.

Update: if you are doing the above, the standard procedure is to have a "require-password-reset" form. The user enters his id (typically his email) and a "token" (eg, a random string) is generated, stored in some table with some expiration date, and sent to his email along with a link to the "password-reset" form. In this form the token is checked, the user is allowed to enter a new password, and instructed to attempt a new login.

Update 2: A small privacy issue might arise: What should we do if the user id (email, user name, or whatever) entered in the request form does not exist in our database? To output a message "User does not exist. Check the id and retry." may be ok, but in some cases it would cause a privacy problem: anyone can check if other someone is registered in your database! If you want to avoid that, you must output the same message ("a mail has been sent with instructions...") even if the user wasnt found (and hence a mail was not actually sent).
Similar privacy issues advise to just output the message "login incorrect : bad user or password" when the user tries to login unsuccessfully - don't disclose if it was an incorrect user or password.

青春如此纠结 2024-10-17 14:11:21

我同意莱昂布洛伊的观点。存储密码会导致像几周前的 Gawker 事件一样的麻烦(发现并发布了 150 万个用户 ID/密码组合)。

但是,您应该具有“重置密码”功能,可以通过电子邮件将新密码发送到用于开设帐户的原始电子邮件地址。

密码重置期间不应更改电子邮件地址。如果用户无法再访问旧的电子邮件帐户,那就太糟糕了。放弃帐户并重新开始。

并在重置屏幕上使用良好的验证码。

I agree with Leonbloy. Storing the password leads to trouble like the Gawker incident from a few weeks ago (1.5 million userid/pwd combinations were discovered and published).

You should, however, have a "reset password" function that e-mails the new password to the original e-mail address used to open the account.

There should be no provision for changing the e-mail address during the password reset. If the user doesn't have access to the old e-mail account anymore, too bad. Abandon the account and start over.

And use a good Captcha on the reset screen.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文