An Integrated Mechanism for Resetting Passwords in Web Applications
It is very common for people to forget their passwords and request a password reset through a web browser. This leads to the critical question of how a software developer should simply and safely store and change a user's password for a web application. When an application stores a user's password in a database, the password must be encrypted so nobody can query the fields and see the original value. It is bad design to send or display the original password to the user when a user resets their password, as the information could be seen or intercepted. On the other hand, it is also inconvenient that users must memorize additional information in the form of security questions when attempting to reset the password. When resetting a password, it is better to use a user's basic personal information and email or text them a reset URL link with encrypted codes. This paper presents an integrated mechanism that utilizes PHP and MySQL functions to reset user passwords and improve the security of the reset process. The method can also protect the database from attack by reducing unnecessary access to it. A case study is discussed in this paper.
Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017
Huang, Ching Yu, "An Integrated Mechanism for Resetting Passwords in Web Applications" (2018). Kean Publications. 1438.