Is it OK to save user passwords into plaintext?



  • I want to easily recover user passwords if required. I hash them using bcrypt, but I tried to back up the non-hashed passwords into a plain text file (*.txt) not accessible over the internet. Is that correct and secure?

    I'm using a secure password for VPS remote desktop. I don't think there's any way it could be grabbed, but I'm just wondering whether this is even a correct approach?



  • No, it is not OK.

    • It's the 21st century. Devices which are truly "not accessible over the internet" are a rarity. How are you going to keep that file up to date? Are you seriously storing it on a closed shell system without a network connection and transcribing passwords manually by hand while physically sitting at the system? If you update it via the network, then the file is accessible over the internet. Perhaps not directly, but in a way a skilled attacker could exploit nevertheless.
    • The file is vulnerable to an internal attacker. Anyone with access to the file has access to all the user accounts. They could potentially leak those passwords or abuse them themselves.
    • If the main purpose of the file is to provide account recovery, then the file is vulnerable to you falling victim to social engineering attacks ("I really am Bob from accounting. Can you tell me my password?").
    • It's a violation of your users' privacy. A lot of people use the same password for everything. We keep telling them that they shouldn't do that. But they don't listen. This means that this password list might allow you and anyone else with access to it to take over your users' email accounts, social media accounts, confidential correspondence via chat apps and perhaps even financial or medical information. And there is no easy way to find out that your list was the leak.

    If you want to recover passwords, then follow the standard procedure.

    1. Send a one-time reset code to the user via email
    2. Have them enter that reset code on a web portal
    3. Have them enter a new password of their choice, which you promptly run through an irreversible hash function and then scrub from memory.
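As an added illustration of the three-step reset procedure above (example code written for this page, not code from the original thread): the server stores only a hash of the one-time code and of the password, so there is never a plaintext password to back up. It assumes an in-memory user store and a simulated mailer, and uses PBKDF2 from the Python standard library as a stand-in for the bcrypt mentioned in the question.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumption: stdlib PBKDF2-HMAC-SHA256 stands in for bcrypt
RESET_TTL_SECONDS = 15 * 60   # assumption: a reset code is valid for 15 minutes

users = {}         # constructed in-memory store: username -> {"salt": bytes, "pw_hash": bytes}
reset_tokens = {}  # username -> {"token_hash": bytes, "expires": float}; never the code itself


def hash_password(password, salt=None):
    """Irreversible, salted hash of the password (the only form that is ever stored)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username, password):
    """Create or overwrite the account; the plaintext password is discarded immediately."""
    salt, digest = hash_password(password)
    users[username] = {"salt": salt, "pw_hash": digest}


def verify_password(username, password):
    rec = users.get(username)
    if rec is None:
        return False
    _, digest = hash_password(password, rec["salt"])
    return hmac.compare_digest(digest, rec["pw_hash"])  # constant-time comparison


def issue_reset_code(username, now=None):
    """Step 1: mint a random one-time code; store only its hash plus an expiry."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    reset_tokens[username] = {"token_hash": hashlib.sha256(code.encode()).digest(),
                              "expires": now + RESET_TTL_SECONDS}
    return code  # in a real system this value goes out by email and is not kept


def complete_reset(username, code, new_password, now=None):
    """Steps 2-3: check the code (single-use, time-limited), then store the new hash."""
    now = time.time() if now is None else now
    rec = reset_tokens.get(username)
    if rec is None or now > rec["expires"]:
        reset_tokens.pop(username, None)   # expired codes are dropped, not retried
        return False
    if not hmac.compare_digest(hashlib.sha256(code.encode()).digest(), rec["token_hash"]):
        return False
    del reset_tokens[username]             # a code can only ever be used once
    register(username, new_password)       # the new password exists only as a hash from here on
    return True
```

Python cannot reliably scrub a string from memory, so "scrub from memory" here means the plaintext is simply never stored; a lower-level language would zero the buffer after hashing.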
