
I've read through these two links about forgot-password handling and what the better way to reset a password would be, based on several conditions and situations...

Forgot Password: what is the best method of implementing a forgot password function?
What is the best "forgot my password" method?

But I have a slightly different matter at hand.

We are thinking of having a reset password / forgot password feature, but the challenge is that we have users who belong to group emails,

e.g. engineering@mycorporate.com, h.resource@mycorporate.com, etc

Each group email has many users whose emails are part of the group, and they need to use the group email to sign in to a local intranet system.

If we have a forgot password link for them to reset the password, I'm seeing a few possibilities here:

  1. User keys in the group email; we verify the group email and send a link containing a unique string that is valid for only one hour; the user clicks the unique link from the email, enters the new password and confirms it.

  2. User keys in the group email; we verify the group email and send a new randomly-generated password to the group email; the user is required to sign in within one hour and change the password.

But the issue still comes from the group email: any user who belongs to the group will know the random password (point no. 2).

But then, with either method (point no. 1 or point no. 2), if Person Y carries out the forgot/reset password process, Person Z or anyone else won't know the newly reset password...

What do you think?

Ahad Rabu
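The token-based flow in point no. 1, written out as an added example (Python; this is not code from the original question or its poster). It assumes a hypothetical in-memory `PasswordResetService` standing in for the intranet system's account store; the one-hour lifetime is the question's own. The server stores only a hash of the emailed token, so reading the database does not yield a usable link; the token is single-use, compared in constant time, and replaced by any newer request. Note that this does not solve the group-email problem the question is about: whoever can read the group mailbox can run this flow end to end.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 3600    # "temporary for 1 hour", as in the question
PBKDF2_ROUNDS = 200_000     # assumed work factor for the stored password hash


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; returns salt || derived key."""
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(stored: bytes, password: str) -> bool:
    salt, expected = stored[:16], stored[16:]
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(expected, derived)


@dataclass
class ResetRecord:
    token_hash: bytes     # SHA-256 of the emailed token; the raw token is never stored
    expires_at: float
    used: bool = False


@dataclass
class PasswordResetService:
    """Hypothetical stand-in for the intranet account database (constructed for this example)."""
    accounts: Dict[str, bytes]                                   # email -> hash_password() output
    resets: Dict[str, ResetRecord] = field(default_factory=dict)
    now: Callable[[], float] = time.time                         # injectable clock, for tests

    @staticmethod
    def _token_hash(token: str) -> bytes:
        return hashlib.sha256(token.encode()).digest()

    def request_reset(self, email: str) -> Optional[str]:
        """Step 1: the user keys in the address. Returns the token the mailer would
        put in the link, or None for an unknown address. The HTTP handler should
        respond identically in both cases so the form does not reveal which
        addresses exist; the only difference is whether a mail goes out."""
        if email not in self.accounts:
            return None
        token = secrets.token_urlsafe(32)                         # 256 bits, unguessable
        # A new request replaces any earlier outstanding token for the address.
        self.resets[email] = ResetRecord(self._token_hash(token),
                                         self.now() + TOKEN_TTL_SECONDS)
        return token

    def complete_reset(self, email: str, token: str, new_password: str) -> bool:
        """Steps 3-4: the user follows the link and submits the new password."""
        rec = self.resets.get(email)
        if rec is None or rec.used or self.now() > rec.expires_at:
            return False
        if not hmac.compare_digest(rec.token_hash, self._token_hash(token)):
            return False
        rec.used = True                                           # single use: a second click fails
        self.accounts[email] = hash_password(new_password)
        # A real service would also revoke every existing session for the account here.
        return True
```

The `now` clock is injected only so the one-hour expiry can be exercised without waiting; in production it stays `time.time`. Rate-limiting `request_reset` per address and per client is assumed to happen in front of this service.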

1 Answer


It makes no sense to keep the password secret from the recipients of the group email, since each of them can initiate and complete the password reset process and set the password to whatever they like. If the account in question is not supposed to be accessible to all members of the email group, it should be changed to refer to a personal email address instead of a group one.

If you actually intend for all members of the email group to know the password, you will need to have some channel for distributing the new password to all members, regardless of the mechanism you implement for the actual change. Email is OK if you can count on public-key crypto and make sure only the actual authorized recipients will be able to read the password; or, if it is not a very critical system, you can just ignore security best practices and send the new password in plain-text email.

lanzz
  • Note that any password-reset-over-email scheme is inherently as insecure as email communication; even the initial reset link, if intercepted, can be used to gain access to the account in question just as the genuine recipient of the email would. – lanzz May 28 '12 at 09:27