Having just re-read it, I see what I believe is a way to cut the Gordian knot. It could feel like a large, atomic change is needed to both encrypt the passwords, and put in place the workflow needed to do password resets that would be needed because the plaintext isn't available anymore.

But what about making a workflow for password resets now, even though the passwords are still plaintext in the database? It would both set the conditions for then encrypting the passwords as a second, independent step, and already increase security a bit by not having plaintext passwords be emailed around, and sit in people's mailboxes for ze baddies to snarf up.

There was some discussion of this idea two months ago: Re^5: login with google account

I see it got successfully bikeshedded into the ditch. Services that offer single-sign-on (SSO) options usually also offer a username/password option, so SSO is not a solution to this problem. You'd still need a password-reset capability.

jdporter - what would it take to make password resets change from the current (email out the plaintext password) to sending out a password-reset link, in the PerlMonks codebase? Is it as simple as an additional SQL table "password_reset" with columns UID, one_time_key, time_requested, and a page that takes the first two as CGI params, asks for a new password, submitting to a second page that takes those 3 values and updates the database by updating the password and deleting the password_reset row? (The time_requested is so it can be cleaned up periodically)

cavac - how does PageCamel do this?

pm stores its passwords in plaintext. There has been plenty of discussion about this. We won't rehash it here.

pm stores its passwords in plaintext. We won't rehash it here.

Pun intended?

(and now I see etj made the same comment, and I would delete this post if PM had that capability...)