How secure is "mail" function?


#1

Hello all. I’m quite new at this, so I apologize if this is a really stupid question.

I’m setting up a basic log-in system with a password retrieve option. All passwords are hashed with MD5, and all posts are sanitized to prevent MySQL injection.

If a user forgets his password and answers the security question correctly, his password gets reset to a random 8-character string. A non-hashed copy of that string gets sent to the corresponding email address pulled from the MySQL database. The email is sent using the basic mail function:

mail($email, 'Your Login Information.', $message);

Now, did I just throw away all the security I’ve been trying to preserve? Is there a better way to do this?

Any input is appreciated. Once again, I apologize if the answer is stupidly obvious.


#2

No such thing as a stupid question and it's pretty valid. Md5() encryption can't be broken without the use of several super computers. As long as it's entered into the db table that way, you're fine. Putting it into an email before the md5 is used is iffy. You're assuming that only one person is reading their mail. It's something that has to be done though.


#3

Richei is correct! Nothing to worry about.

But, I would add one thing. First, the new random 8 character password should be set to be valid for a limited time. I like to use a very short time frame. Something like 48 hours or maybe 24… This would be indicated to the user. “You MUST access your account and change your password within 24 hours!”…

This protects someone who is tracking the person as they also have to read their email and reply in time. If the owner/user resets their password, give them 24 hours to reset it. If they are resetting it, they most likely will respond immediately, so even 1 hour is usually enough. Depends on how fast their email client is in getting mail back… You can also send a verification email to them and not allow an email address change during the password change period. (If a hacker can change the email password, then they can change the email address later on… So you would not allow an email address change within 24 hours of the password change. If that happens, then monitor it more and contact the owner directly by the existing email address…) Just some ideas on security… Good luck…


#4

Exactly as richei said, at the point of the user forgetting their password, there is no other secure way to get something to them other than to have them go through a barrage of questions to prove it really is them. If you want to be more secure then set up like 2-4 questions that they have to get right before an email is sent; then there is no other solution other than to send a reset link or temp password.
At least by the questions and the email you are doing your best to ensure that it is as secure as you can make it. So the person would need to know much information about the account user, and they would have to have access to the email, which would require its own login.
It would be difficult for just some random hacker to be able to come up with all of that unless they put a virus on the user's computer, at which point nothing will help them other than a good anti-virus :smiley:


#5

You could also have the user give an alternate email address. It's unlikely that someone would compromise 2 accounts. An addition to what these 2 have said is to not reset the password until after the confirmation. That way, if the person hasn't responded, then the password doesn't get changed and the person still has their account. Lots of sites are now doing this as a precaution. In the email, you could send a challenge question, like what color is the moon during a new moon? Answer would be none - there is no moon during a new moon.
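Putting the advice from #3 (a 24-hour window) and #5 (don't change the password until the user confirms) together, here is an added example that is not code from the thread: the mail carries a one-time token instead of a plaintext password, and the account password only changes when that token is presented. The in-memory `$db` array, the user `alice` and the `example.com` reset URL are constructed stand-ins for the poster's MySQL tables and site.

```php
<?php
// Added example (not from the thread). The email contains a time-limited, single-use
// token; the stored password is untouched until the token is redeemed, so an unread
// or intercepted mail cannot lock the real owner out.

const RESET_TTL_SECONDS = 24 * 60 * 60;   // "within 24 hours", as suggested in post #3

// Store only a hash of the token so a dump of the table does not expose live tokens.
function issue_reset_token(array &$db, string $userId, int $now): string
{
    $token = bin2hex(random_bytes(16));        // 128 bits of CSPRNG entropy, not 8 chars
    $db['resets'][hash('sha256', $token)] = [
        'user'    => $userId,
        'expires' => $now + RESET_TTL_SECONDS,
        'used'    => false,
    ];
    return $token;                             // the raw token goes into the email only
}

// Sets the new password and returns true only if the token exists, is unexpired and unused.
function consume_reset_token(array &$db, string $token, string $newPassword, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($db['resets'][$key])) {
        return false;
    }
    $rec = $db['resets'][$key];
    if ($rec['used'] || $now > $rec['expires']) {
        return false;
    }
    $db['resets'][$key]['used'] = true;        // single use: a replayed link does nothing
    // password_hash() (salted, slow) in place of the unsalted MD5 from the original post.
    $db['users'][$rec['user']]['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Constructed demo data standing in for the MySQL users table.
$db = ['users' => ['alice' => ['email' => 'alice@example.com', 'password' => '']], 'resets' => []];
$now   = time();
$token = issue_reset_token($db, 'alice', $now);
$link  = 'https://example.com/reset.php?token=' . urlencode($token);
$message = "Use this link within 24 hours to choose a new password: $link";
// mail($db['users']['alice']['email'], 'Password reset', $message);   // same mail() call as post #1

var_dump(consume_reset_token($db, $token, 'new-secret', $now + 3600));      // first use inside the window
var_dump(consume_reset_token($db, $token, 'again', $now + 3600));           // second use of the same token
$late = issue_reset_token($db, 'alice', $now);
var_dump(consume_reset_token($db, $late, 'x', $now + RESET_TTL_SECONDS + 1)); // presented after the window
```

The token is compared by its SHA-256 key lookup, so the plaintext token never needs to be stored; the same structure works for an 8-character temporary password if you prefer that over a link.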