MyBB Community Forums

Full Version: Password Update
I know that in forum software there is often an administrative way to force password updates on members the next time they log in. This is often used if a forum suffers a security compromise, which means there is usually a script back-end for the feature I propose.

The security consensus often suggests "updating your password regularly"; it's usually debatable how "regularly" regularly should be (once a month? every three months?), however it's human nature to shirk updating passwords (unless you happen to have a strict Sysop/Admin).

Therefore the suggestion is to have an option to pop up a message to "Ask members if they would like to change their password" at a time point set by the administrator.

At this point a member should then be able to decide (after entering their current password and filling a captcha) if they want to outright change their password, or keep the same one by skipping the change (would just require a captcha).

Basically, if they choose to skip, it should be quick and not require their password to be rehashed; using a captcha authenticates that they are human while also trying to reduce the chances of attacks that might attempt to exploit predicting the hash technique by rehashing multiple times over in a row.

The script itself should then either create a new password hash (if they picked a new password) or rehash the old password using a different salt or different cryptology. (Multiple choices of cryptology are therefore useful to maintain security, as should one cryptomodule become exploited, it's easily replaceable by another.)

I know this method does not protect a member's account if someone already knows their unhashed/decrypted password; however, it does aid in reducing account compromises should the raw database ever fall into the hands of someone who attempts to misuse it for accessing other locations online.

Thoughts?
2.0 will be equipped with more maintenance & recovery tools like password resets (https://community.mybb.com/thread-195539.html) but the expiration might be left out of the core as it's not recommended to require non-technical users to change passwords (or bog them down in it).

https://www.ncsc.gov.uk/articles/problem...ord-expiry
NIST Special Publication 800-63B:
Quote: Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Hash updates/conversions can be done in background during authentication.
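The background conversion described in the reply (and the "rehash with a different salt or different cryptology" idea from the original suggestion), as an added example that is not MyBB's code: a scheme-tagged hash string lets verification accept both an old and a current scheme, and the moment of a successful login is the only time the plaintext is available to rehash it with a fresh salt. The legacy salted-MD5 scheme, the iteration count and the user record are constructed for the example.

```python
import hashlib
import hmac
import os

# Policy: the scheme and work factor every stored hash should end up at.
CURRENT_SCHEME = "pbkdf2"
CURRENT_ITERATIONS = 600_000

def hash_legacy(password: str, salt: str) -> str:
    """Constructed stand-in for an old salted-MD5 scheme (same shape as MyBB 1.x's)."""
    inner = hashlib.md5(salt.encode()).hexdigest() + hashlib.md5(password.encode()).hexdigest()
    return "md5$" + salt + "$" + hashlib.md5(inner.encode()).hexdigest()

def hash_current(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Current scheme: PBKDF2-HMAC-SHA256 with a fresh random salt on every (re)hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Check a password against whichever scheme the stored string is tagged with."""
    scheme, *fields = stored.split("$")
    if scheme == "md5":
        salt, _digest = fields
        return hmac.compare_digest(hash_legacy(password, salt), stored)
    if scheme == "pbkdf2":
        iterations, salt_hex, digest_hex = fields
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), digest_hex)
    return False  # unknown scheme: never authenticate

def needs_rehash(stored: str) -> bool:
    """True if the hash uses an old scheme or a work factor below current policy."""
    scheme, *fields = stored.split("$")
    return scheme != CURRENT_SCHEME or int(fields[0]) < CURRENT_ITERATIONS

def login(users: dict, username: str, password: str) -> bool:
    """Authenticate; on success, silently upgrade an outdated hash using the plaintext just verified."""
    stored = users.get(username)
    if stored is None or not verify(password, stored):
        return False
    if needs_rehash(stored):
        users[username] = hash_current(password)  # new scheme AND new salt, no user interaction
    return True

# Constructed user table: one account still on the legacy scheme.
USERS = {"alice": hash_legacy("correct horse", "a1b2c3d4")}
```

A failed login never triggers the upgrade, so the legacy hash is only ever replaced by someone who proved they know the password.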