Tim Ferrell
Feb 18, 2020 5:26:32 PM

Password Hashing

I think passwords should be stored in an irrecoverable format.  I should not be able to request my password via a password reset link.  The most I ought to be able to do is request a password reset e-mail.

Is it possible to implement password hashing (ideally with a salt) in line with best practices?

I already know I can turn off the password reset link, but I would like to have a way to ensure that passwords are stored in an irrecoverable format (even if I have to enable it).



Synametrics support engineer
Feb 25, 2020 12:27:29 PM

Password Hashing

Tim,

We have implemented two suggestions you made earlier:

  • Ability to make the passwords expire after X number of days
  • Ability to reset the password, rather than sending it via email

These features will be part of version 4.5. Let us know via email (support@synametrics.com) if you're interested in trying out this version before it is publicly released.



Tim Ferrell
Mar 5, 2020 8:22:35 PM

Password Hashing

Thanks for this update!

In the config file (or via web interface) how do I enable the password recovery?  Do I simply remove the "allowUsersToRetrieveLostPwd" line, which I have disabled now, or do I set the value to true?  Perhaps change the type?  Is there anywhere besides the forum I can look to answer this one?
