How to protect such functionality?

N

Nwton2017-01-19 21:10:44

Information Security

Nwton, 2017-01-19 21:10:44

For the general development, I decided to make a simple system of users, a couple of questions are of interest.
When registering, the user cannot enter his password, the site offers a ready-made one. This is done to speed up the registration process. With a high degree of probability, the user will not immediately write it down and will not be able to remember it. Therefore, I want to be able to see the current password in the account settings.
In what form should the password be transmitted and stored? And also, what methods of protection should be introduced?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

O

other_letter, 2017-01-19
@other_letter

Kill it. Give the ability to do anything, including without a password. The agreement will write everything off. You're not a bank, are you?
In general, sites like life hacks are annoying (that is, they do not bear potential costs for them), where it is necessary to leave a phone number and a password of at least 8 characters, but the register is different, and special characters ...
Give the opportunity to make a password of 123 and that's it.