Pat Farrell: in Criptography
The standard approach to securing passwords/passphrases is to put them through a one-way hash, say MD5 or SHA1, and store the resulting hash. You then tell users that you cannot tell them the old password, just give them a new one.
Originally posted by Stan James:
This just triggered a memory that made me smile ... a vendor package encrypted passwords with a simple XOR. Our database folks stared at these so long they eventually learned to READ the encrypted passwords. (Since I sight read vocal music on sax all the time, this makes perfect sense.) You could call them up to recover a lost password. Security, ha!
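The hash-and-store approach Pat describes, as an added example in Python (not code from the thread): the first pair of functions keeps only a SHA-1 digest, so the old password cannot be read back the way the XOR-"encrypted" ones could; the second pair is the same idea with a per-user random salt and an iterated hash (PBKDF2-HMAC-SHA256), which is the form a practitioner would deploy today. The record format and iteration count are my own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# Plain one-way hash, as in the post: only the digest is stored, so the
# original password cannot be recovered from the record.
def store_sha1(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def verify_sha1(password: str, stored_hex: str) -> bool:
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(store_sha1(password), stored_hex)

# Hardened variant (assumption: my own record layout "algo$iters$salt$digest").
# A random salt makes identical passwords produce different records, and the
# iteration count makes each guess expensive for an attacker holding the table.
PBKDF2_ITERATIONS = 600_000

def store_pbkdf2(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_pbkdf2(password: str, record: str) -> bool:
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never a match
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)

if __name__ == "__main__":
    rec = store_pbkdf2("correct horse battery staple")
    print(rec)                                     # salt and digest only
    print(verify_pbkdf2("correct horse battery staple", rec))  # True
    print(verify_pbkdf2("wrong guess", rec))       # False
```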