[Zope-PTK] Re: Proposal: password policy change

Shane Hathaway hathawsh@yahoo.com
Wed, 23 Aug 2000 06:26:40 -0700 (PDT)


Fabio,

> While integrating the PortalMembership system I had to do with different
> password policies: PM stores encrypted passwords and obviously doesn't have
> a getPassword method, which is useless in this case. To manage the
> mail_password_form it skips the problem of reading it by generating a new
> password and replacing the old one. I think this is the most secure way
> to handle passwords and should be implemented also in the standard PTK
> portal_registration. We need just to eliminate the getPassword method,
> and modify the mailPassword (I propose to rename it mailNewPassword)
> method in order to:
> 1) generate a new pwd
> 2) set it
> 3) mail it

This is an excellent idea.  I would suggest that it be
implemented in a different way, however.  Consider:

1) People will forget their passwords and need a way
out.  The most "user friendly" way out is for them to
receive their password again via e-mail.  Of course
this is terribly insecure, but Slashdot and many
others do it this way, so those who run PTK sites will
expect this to be an option.

2) If we allow passwords to be instantly reset by
anonymous users then that capability will be abused by
intruders.

In order for your plan to work, therefore, we need to
provide the option to set a temporary password.  This
temporary password would be in addition to the user's
normal password.

Scenario 1:

a) User tries to log in but forgot password.
b) Clicks "Set temporary password".
c) Receives e-mail with temporary password.
d) Logs in with temporary password.  User is either
required to set a new password immediately, or the
temporary password becomes the permanent password.

Scenario 2:

a) Hostile intruder wants to attack Joe's account.
b) Intruder uses an HTTP request generator to cause
the "temporary password" function to be executed
1,000,000 times for Joe's account.
c) Joe's mailbox overflows.  The most recent temporary
password is lost in cyberspace.
d) Joe goes to sysadmin and asks for help.
e) Sysadmin says "just use your old password, it still
works" or "just delete the messages and request a new
temporary password".
f) Joe does, it works, and the intruder is (mostly)
thwarted.

Shane

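The two-password design from Shane's message, as an added illustration that is not PTK code: a member record keeps a hashed temporary password beside the permanent one, so a flood of reset requests (scenario 2) only replaces the temporary password, and a temporary-password login forces a password change (scenario 1, step d). The Member class, the PBKDF2 hashing and the token format are assumptions of this example, not anything from the thread.

```python
import hashlib
import hmac
import os
import secrets

# Added example, not PTK code. Only hashes are stored; the clear-text
# temporary password is returned once so the caller can mail it.

def _hash(password: str) -> tuple[bytes, bytes]:
    """Salted PBKDF2 digest of a password (assumed scheme)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _check(password: str, stored: tuple[bytes, bytes]) -> bool:
    salt, digest = stored
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
    return hmac.compare_digest(cand, digest)

class Member:
    def __init__(self, password: str):
        self._perm = _hash(password)   # permanent password
        self._temp = None              # temporary password, if any
        self.must_change = False       # set after a temporary-password login

    def set_temporary_password(self) -> str:
        """Scenario 1 b/c: issue a fresh temporary password to be mailed.
        The permanent password is left untouched, so repeated requests
        (scenario 2) only overwrite the previous temporary one."""
        temp = secrets.token_urlsafe(9)
        self._temp = _hash(temp)
        return temp

    def authenticate(self, password: str) -> bool:
        if _check(password, self._perm):
            return True
        if self._temp is not None and _check(password, self._temp):
            self._temp = None          # single use
            self.must_change = True    # scenario 1 d: force a new password
            return True
        return False

    def change_password(self, new_password: str) -> None:
        self._perm = _hash(new_password)
        self._temp = None
        self.must_change = False
```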