Two way encryption question

[realjumper]

Hi,

I use the MD5 hash function to store users passwords on my server. The problem with this is that on the Intranet where this is being used to log on to the Intranet, the academic staff are, for some reason, apt to forgetting their passwords. So, a new password is issued which they can change to one they can remember. Unfortunately, the academics seem to not posess a good memory for paswords, and pretty soon we have to gpo through this process again. Bare in mind that I am not trying to create a 'Fort Nox' type security, it's just for logging on to the Intranet.....but it would be very handy to be able to have some sort of two way encryption, rather than MD5 so they could recover their original password. The thinking is that if they get the same password into their head....eventually they ought to be able to remember it!!!! So, is there a way to employ two way encryption rather than MD5?

Thanks,
Neil

[pixy]

You can use ENCODE() and DECODE() functions in mySQL. Just remember, if you can decode it for them to see--so could potential hackers if they gained access to your database.

[realjumper]

Thanks pixy, I'll investigate those functions. Management will have to decide which way I go with this but at least if I give them some options they should be able to make the correct choice for the situation.

Cheers.

[pixy]

You know, you could always send an email to them whenever they change their password with the new password. That way, they could just search their inbox for the confirmation email from the password change.

+ You're welcome. :)