Tim Ferrell
Feb 18, 2020 5:26:32 PM

Password Hashing

I think passwords should be stored in an irrecoverable format.  I should not be able to request my password via a password reset link.  The most I ought to be able to do is request a password reset e-mail.

Is it possible to implement password hashing (ideally with a salt) in line with best practices?

I already know I can turn off the password reset link, but I would like to have a way to ensure that password are stored in an irrecoverable format (even if I have to enable it).

Synametrics support engineer
Feb 25, 2020 12:27:29 PM

Password Hashing


We have implemented two suggestions you made earlier:

  • Ability to make the passwords expire after X number of days
  • Ability to reset the password, rather than sending it via email

These features will be part of version 4.5. Let us know via email (support@synametrics.com) if you're interested in trying out this version before it is publicly released.

Tim Ferrell
Mar 5, 2020 8:22:35 PM

Password Hashing

Thanks for this update!

In the config file (or via web interface) how do I enable the password recovery?  Do I simply remove the "allowUsersToRetrieveLostPwd" line, which I have disabled now or do I set the value to true?  Perhaps change the type?  Is there anywhere besides the forum I cna look to answer this one?


Social Media

Powered by 10MinutesWeb.com