Difference between revisions of "Password reset strategy"
From DarkWiki
Revision as of 14:49, 10 August 2017
Introduction
As part of standard operating procedure, the system needs to help users who have forgotten their password or user id in a simple and secure fashion, without any interaction of support staff.
Common attack vectors
- Password resets initiated by an attacker rather than the account owner.
- Forged emails containing reset links.
Aims
- Users do not like automatically generated passwords
- Sending a new password or a one-time password/code in an email is insecure
- The password reset link inside the email will only be usable:
  - For a short period of time (e.g. 48 hours)
  - Until such time as the password has been reset
- The password reset link will be secure, and any modification must be detectable
  - The user's mailbox may be compromised in the future; the link must not be modifiable (e.g. by changing the username, timestamp, etc.)
Process
There are two possible initiators:
- The user has forgotten their user name, or
- The user has forgotten their password.
We do not need to care about which piece of information they have forgotten. We will use their registered email address to send them a link allowing them to set their password.
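The following is an added example, not code from the wiki, showing one way to implement the aims and process above: a reset link carrying an HMAC-signed token that expires after 48 hours, that is rejected if any field (username, timestamp) is altered, and that stops working once the password has been set. The secret key, the in-memory user store, the "password_version" counter and the link format are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

RESET_LINK_LIFETIME = 48 * 3600  # seconds; the page's example of 48 hours

# Constructed sample user store (assumption). In a real system this is the
# user database; "password_version" is incremented every time a password is set.
USERS = {
    "alice": {"email": "alice@example.invalid", "password_version": 3},
    "bob": {"email": "bob@example.invalid", "password_version": 1},
}

# Assumption: one server-side secret, generated per deployment and never emailed.
SERVER_SECRET = secrets.token_bytes(32)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, password_version: int) -> bytes:
    # The signature covers the payload AND the current password version, so a
    # token issued before a reset no longer verifies afterwards (single use).
    return hmac.new(SERVER_SECRET, payload + b"|" + str(password_version).encode(),
                    hashlib.sha256).digest()


def issue_reset_token(username: str, now: Optional[int] = None) -> str:
    """Build the opaque token embedded in the emailed reset link."""
    user = USERS[username]
    issued_at = int(time.time()) if now is None else now
    # A simple "|"-separated payload for illustration; the nonce makes every
    # token unique even when two requests arrive in the same second.
    payload = f"{username}|{issued_at}|{secrets.token_urlsafe(16)}".encode()
    return _b64e(payload) + "." + _b64e(_sign(payload, user["password_version"]))


def request_reset(identifier: str, now: Optional[int] = None) -> Optional[str]:
    """Accept a user name or an email address (the page's two initiators) and
    return the link to send to the registered address, or None if no match.
    The HTTP response shown to the requester should be identical either way."""
    for username, user in USERS.items():
        if identifier in (username, user["email"]):
            return "https://example.invalid/reset?token=" + issue_reset_token(username, now)
    return None


def verify_reset_token(token: str, now: Optional[int] = None) -> Tuple[Optional[str], str]:
    """Return (username, "ok") for a valid token, else (None, reason)."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
        username, issued_at_s, _nonce = payload.decode().split("|")
        issued_at = int(issued_at_s)
    except (ValueError, UnicodeDecodeError):
        return None, "malformed"
    user = USERS.get(username)
    if user is None:
        return None, "unknown user"
    # Constant-time compare; fails if any field was edited or the password
    # has already been reset since the token was issued.
    if not hmac.compare_digest(sig, _sign(payload, user["password_version"])):
        return None, "signature mismatch"
    if issued_at > now or now - issued_at > RESET_LINK_LIFETIME:
        return None, "expired"
    return username, "ok"


def complete_reset(token: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Set a new password for the token's user (the actual password update is
    elided); bumping the version invalidates this and any other outstanding token."""
    username, reason = verify_reset_token(token, now)
    if username is None:
        return False, reason
    USERS[username]["password_version"] += 1
    return True, "password reset"
```

The signature check runs before the expiry check, so a tampered timestamp is reported as tampering rather than merely as an expired link; a defender reviewing logs can then distinguish stale links from edited ones.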