I have found that when changing to hashed passwords for some reason that I haven't been able to figure out yet, it doesn't seem to clear the site settings cache so login fails because it hasn't detected the change because the cached copy of site settings still has the previous password format.

You can work around it by touching Web.config file to recycle the app and clear the cache after changing the format (just type a space in it and save or download and re-upload the Web.config if on a host).

Changing password format is not something you want to do frequently, once you decide on it you should stick with it. I would first change your admin user to your own email address and password. I would recommend encrypted over hashed unless you have very high security needs. Password recovery only works with clear text and encrypted and we don't currently have a mechanism for users to reset their password if using hashed, though an admin can set it (but then the admin knows what it is).

To change to encrypted after having already changed to hashed, you would have to change back to clear text first. Since hashed can't be decrypted a new random password will be generated that you'll have to lookup in the db and optionally change to what you want then make the change to encrypted.

Hope it helps,

Joe

If its not changing in the db it sounds like a bug. However I can't produce it here running the latest code. Any more info about your environment, db platform IIS version, medium trust or full?

I agree with your reasoning about the risky user behavior such as using the same password across sites, but its not for me to decide, I leave it up to site owners.

Generally I try to encourage use of OpenID or Windows Live ID among users in which case we don't have their passwords at all and they can use the same one across supported sites.

Not being able to recover a hashed password is a feature of using hashed passwords, however, we currently lack a usable alternative like the ability to reset it which is really needed for this case.   The idea would be that the user can click the "I forgot my password" link and be able to send an email to their own account. The email would have a link with a code to allow the user to change his password without knowing the current password. The code would have a short expiration.

I plan to implement this as soon as I have time but I have a lot of irons in the fire at the moment.

Best,

Joe

Hi Alain,

I don't need the code, but the approach is a good suggestion as it would certainly be easier to implement than what I had thought of and it seems a more obvious approach now that you've said it.

I will try to get to that very soon, hopefully before the next release which is coming out next week.

Best,

Joe