I’m not sure if this is the correct place to ask this, so if there’s a better community please direct me to it.
I’m making a web app that I plan on hosting. Users will be able to create an account on the website. The only information about the user themself I store is email and an argon2 hash of the password. All the other information stored about a user’s account is specific to and only makes sense in the context of the app.
Now, while I only have one piece of PII, I’d prefer it to be zero. Ideally I’d replace the email with a username for the purpose of uniquely identifying users. However, there’s one problem: I want to be able to send an email to a user if they forget their password so they can reset it. I don’t know if there’s a way to do this without storing their email.
Is there a way to do the mentioned functionality without storing PII? Alternatively, is there another way of handling a user forgetting their password that doesn’t require them to remember anything and doesn’t need PII?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 327 users / day
- 929 users / week
- 2.71K users / month
- 6.38K users / 6 months
- 1 subscriber
- 1.52K Posts
- 24K Comments
- Modlog
You need some kind of identifying information in order to restore a password without risks. It must be something that both you and the user remember, and that either nobody else know, either some user address unique to them.
One alternative address to email is phone number, but that’s potentially more identifyable and intrusive than email.
You could also generate an ID that you store hashed and send it to the user email at sign up time, and then ask the user to provide you this secret if they want to change the password. Actually, it would be a recovery password sent in plaintext to the email. Maybe showing it just once in the webapp and asking strongly to save this code safely? It would be equivalent as asking the user to save their password safely…
What do you think?
I just ended up storing a hash of the email.