
Full Level Admins to be able to see Passwords


PedroNL


Posted

I don't think it's necessary at all and it's a security risk as well.

Admins with member access can log in as another member regardless so there is no use case for it.

  • Management
Posted

Setting aside what a terrible idea that would be from a security standpoint, it's not technically possible. Passwords are one-way encrypted and hashed.

If, as an admin, you have a deep desire to use a member's account, you can use the "login as" feature in the ACP. If the member has forgotten their password, they can reset it.

Posted

Can you imagine the Pandora's box this would open had any admin with these permissions left a site without logging out?
Hackers are getting into systems easily enough as it is without giving them the keys to an unlocked door.
As stated, you can always log in as the member if need be without the vulnerability of password viewing.

Posted

If it were technically possible to be able to view members' passwords, I would not use this suite, because passwords must not, under any circumstances, be stored in a way that allows you to retrieve the plaintext password, and doing so constitutes a major security issue if the database were to be hacked, because the hacker can now convert the passwords back to plain text too. Passwords should be, and are, stored by putting them through a deterministic but irreversible encryption function (hashed), with salt and potentially pepper so that the only way to retrieve the passwords is to brute force each password in turn, which very rarely makes sense for an attacker. If you use any site that emails you your password if you say that you forgot it, they are quite simply doing security wrong, and you should not trust them with your credentials.

Even if it were possible though, I cannot think of a compelling reason to want to allow admins to be able to view passwords - it's a massive security and a massive privacy risk, especially as a lot of people reuse passwords.

Posted
3 hours ago, Nathan Explosion said:

I think your use-case is going to have to be a lot better than "it would be nice" for something like this.

What purpose would it actually serve?

I recently migrated 1600 users to my new forum and I am using SSO with Google and now they are linking their account up. If I could see that the password on the system matches what I have then I would know that what they were doing on their end is just typing things wrong. Otherwise I have to remote into their computer and help them get it set up.

Posted
16 minutes ago, PedroNL said:

I recently migrated 1600 users to my new forum and I am using SSO with Google and now they are linking their account up. If I could see that the password on the system matches what I have then I would know that what they were doing on their end is just typing things wrong. Otherwise I have to remote into their computer and help them get it set up.

There is no need to remote into a client's computer for this... All you need to do is access their account and change the password to a temporary PW, then notify the individual(s) of the temporary PW.... I would also advise them to change it as soon as possible to a new one of their own.

Posted

With Google SSO you have to link the 2 accounts up by typing in the PW to make sure they link properly to retain the # of posts.

Posted

That can be done inside the ACP as well without Google if we are talking 2 separate IPB sites.

But if on the same site why would there be a need for 2 accounts in the first place?

Posted

Example... When users were on WordPress they had e-mails for @joinme.com; on the new site Google SSO requires it to be sameid@joinmenow.com. On the WordPress site the PWs were managed by another company that didn't standardize the PWs set by my company. Now that they are on the new IPS forum and using Google SSO the PWs are standard. So I have to go reset every account to what I have on my end in IPS. Sometimes the users are getting locked out and I don't know if it was the password or because they were typing it wrong.

Posted

If they are typing it wrong in the first place they have 3 choices:
1. After 3 wrong attempts they have a 3 minute wait before trying again which can also be altered by an admin for less or more wait time.
2. They can follow the instructions for a "Lost Password".
3. They can ask an admin to reset it with a temporary password.

One thing people forget is to change their passwords periodically.... This has been good security sense from the beginning of the internet. So I would think twice before using any application that required the same passwords.

Posted

Just a thought, but you could write a small PHP page which basically generates a hash you could compare against the DB. That way you know if they are typing it wrong without having everyone's password stored in clear text.
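As an added example (not code from this thread, from Invision Community, or from any poster), here is the kind of check the previous post describes and the salt-and-pepper storage an earlier post explains, written in Python rather than PHP: a candidate password is re-hashed with the stored salt and a server-side pepper (a constructed value here) and compared in constant time against the stored record, so an admin can tell a typo from a wrong password without the plaintext ever being visible.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret ("pepper"): kept outside the database in a
# real deployment, so a dump of the users table alone is not enough to start
# offline guessing. This value exists only for the example.
PEPPER = b"example-pepper-not-for-production"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware improves
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.
    A fresh random salt per user means two accounts with the same password
    get different records, and the record holds no reversible form of it."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8") + PEPPER, salt, ITERATIONS
    )
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time.
    This is the only way to 'read' a password: a guess can be confirmed, the
    original cannot be recovered from the record."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed or foreign record never matches
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8") + PEPPER,
        bytes.fromhex(salt_hex), int(iterations),
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def diagnose_login(record: str, admin_copy: str, user_typed: str) -> str:
    """Answer the thread's question without any plaintext being shown: does
    the password the admin set still match, and did the user mistype it?"""
    if not verify_password(admin_copy, record):
        return "stored password differs from the admin's copy"
    if verify_password(user_typed, record):
        return "user typed it correctly"
    return "user mistyped it"
```

The record format and `diagnose_login` are this example's own conventions, not the suite's schema; the point is that every answer comes from re-hashing a candidate, never from reading a password back.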

Archived

This topic is now archived and is closed to further replies.
