Storing Passwords: Encrypted or not?
Posted: Sun Sep 14, 2008 7:10 pm
I can envision eyes widening at the sight of the thread title, though your reactions may be for different reasons than what I am anticipating, so my question remains the same: what are the arguments for and against encrypting users' passwords in a database?
I prefer simple conveniences to complete conveniences in order to have better security. Essentially, at my level of programming, I'd rather have more security than user convenience. For example, I won't automatically authenticate a user who returns, though I will store their name in a cookie for the browser's auto-complete feature to fill in the function (as well as to check the remember-me checkbox). So they have to click the sign-in button once... though it's a lot more secure than automatically authenticating them (there is an article on Tom's Guide about this).
Same thing with passwords... I presume automatically generating a new password is more secure than having them stored unencrypted and sending them a reminder of their password? What are the other variables in play?