Recover Password by Secret Questions in VB.Net (VISUAL STUDIO 2015) RRS feed

  • Question

  • Hello, i am new to this of programming in VB, i never programmed before but i am currently doing a project which consists of a register of users and a log-in. I have already the log-in done but i cant find the code in the internet to add the option of Recover password, i am doing this log-in by SQL SERVER 2014 and i have a table of users with their respective passwords but i want an  recover password option who shows me a window that i can type the answer to the security question (which i dont know how to do in VB ) and lets me to put my new password and confirm it . Anybody have an idea to this? Thx 
    Friday, April 6, 2018 5:06 AM

All replies


    Maybe, it will help you.

    Friday, April 6, 2018 5:50 AM
  • This one looks rather simple. You could use it as a guide for your password recovery form and change the database code for SQL Server:

    Paul ~~~~ Microsoft MVP (Visual Basic)

    Friday, April 6, 2018 12:30 PM
  • Well from what I understand password hashes are typically stored in databases not passwords themselves. That way nobody can get passwords from the database I suppose. Then when a user types in a password it is hashed and compared to the stored hash in the database for verification purposes. There is no real way to convert a stored hash of a password back into the actual password.

    It's one thing to recover a password and another to provide a user the ability to change a password they can no longer remember. However as most companies do it they will send an email verification and such to your known user so nobody else can get the information necessary to be authorized to actually change your accounts password.

    You should probably research password usage and how all that is done typically i.e. storage of, changes to, etc before using your own methods.

    Also see Google search results for "Programmatically using passwords and storing them in databases".

    La vida loca

    Sunday, April 8, 2018 1:45 AM
  • Monkeyboy - I would use the same logic you described for password recovery.
    When a new user is set up they choose maybe 3 out of 10 or more fixed questions.
    What was your first pets name ?
    What City were you born in ?
    each question and the hashed answer is stored for that user so if that user needs to reset their password, some or all of the questions are asked, the answers hashed and compared, etc. - as you said, nothing critical is stored as plaintext and it is extremely difficult to derive the plaintext from the hash, especially if you use one of the newer SHA hash functions which is very easy to do.

    Username Devon_Nullman
    Password Xcc/wxb6PzCaK4d7guuTeM7Zfx/bV14UqHHibPqkUd8=
    Question Index 3
    Answer i24ElHIwRzNoGQpxyVOZp+mgwS+qKLBKLdWhzENQqak=
    Question Index 6
    Answer xH1u25gVL+h73WcTZOdajNbZEea3Qo+mVquDSm061BE=
    Question Index 8
    Answer ZUggPCMgp2ImqLWqlW54y9o7J6Xq14pd8J/cycn/W90=

    Monday, April 9, 2018 3:58 AM