HOME

TheInfoList



Click Here for Items Related To - Password notification e-mail
OR:
Password notification e-mail on:   [Wikipedia]   [Google]   [Amazon]

Password notification email is a common
password recovery In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly tr ...
technique used by
website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and Wi ...
s. If a user forgets their
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
then a password notification
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
is sent containing enough information for the user to access their account again. This method of password retrieval relies on the assumption that only the legitimate owner of the account has access to the inbox for that particular email address. The process is often initiated by the user clicking on a forgotten password link on the website where, after entering their username or email address, the password notification email would be automatically sent to the inbox of the account holder. This email may contain a temporary password or a URL that can be followed to enter a new password for that account. The new password or the URL often contain a randomly generated string of text that can only be obtained by reading that particular email. Another method used is to send all or part of the original password in the email. Sending only a few characters of the password, can help the user to remember their original password, without having to reveal the whole password to them.


Security Concerns

The main issue is that the contents of the password notification email can be easily discovered by anyone with access to the inbox of the account owner. This could be as a result of shoulder surfing or if the inbox itself is not password protected. The contents could then be used to compromise the security of the account. The user would therefore have the responsibility of either securely deleting the email or ensuring that its contents are not revealed to anyone else. A partial solution to this problem, is to cause any links contained within the email to expire after a period of time, making the email useless if it is not used quickly after it is sent. Any method that sends part of the original password means that the password is stored in plain text and leaves the password open to an attack from hackers. This is why it is typical for newer sites to create a new password generate a token. If the site gets hacked the password contained within could be used to access other accounts used by the user, if that user had chosen to use the same password for two or more accounts. Additionally emails are often not secure so, unless the email had been
encrypted In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can deci ...
prior to being sent, the contents could be read by anyone who eavesdrops on the email.


References

{{DEFAULTSORT:Password Notification E-Mail Password authentication