I have an ASP.NET web app, forms authentication, that uses the Hashed password type.
Will I run across any problems if I change the password type to Encrypted?
I see that, if I change to Encrypted, attempted password recovery for old hashed passwords fails gracefully, which is good. Are there any not-so-good things that might show up if I change?
If someone changes their password after I make the change to Encrypted, the password type stays as Hashed. Is there any way to force it to store the new password as Encrypted instead?
Best Answer
Why?
Hashed is safer (password recovery: generate a new password and send that).
The only reason I can see to use encrypted is if the passwords are needed by the system itself (e.g. to authenticate to another system as the user).
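
The setup the answer recommends, as an added example that is not part of the original question or answer: a `web.config` membership section that keeps hashed storage and handles recovery by reset. It assumes the stock `SqlMembershipProvider`; the provider name and connection string name are placeholders.

```xml
<!-- Added example, not from the original post.
     "ExampleSqlProvider" and "ExampleConnection" are placeholder names. -->
<system.web>
  <membership defaultProvider="ExampleSqlProvider">
    <providers>
      <clear />
      <!-- Hashed storage: the provider can never return the original
           password, so retrieval is off and recovery is done by reset
           (a new password is generated and sent to the user). -->
      <add name="ExampleSqlProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="ExampleConnection"
           applicationName="/"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false" />
      <!-- For contrast, the Encrypted variant would set:
             passwordFormat="Encrypted"
             enablePasswordRetrieval="true"
           It also needs explicit (not auto-generated) keys in
           <machineKey>, and anyone who obtains those keys together
           with the membership database can decrypt every password. -->
    </providers>
  </membership>
</system.web>
```

Setting `enablePasswordRetrieval="true"` together with `passwordFormat="Hashed"` is rejected when the provider initializes, so the two attributes have to be changed as a pair.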