I’m not sure if this is the correct place to ask this, so if there’s a better community please direct me to it.
I’m making a web app that I plan on hosting. Users will be able to create an account on the website. The only information about the user themself I store is email and an argon2 hash of the password. All the other information stored about a user’s account is specific to and only makes sense in the context of the app.
Now, while I only have one piece of PII, I’d prefer it to be zero. Ideally I’d replace the email with a username for the purpose of uniquely identifying users. However, there’s one problem: I want to be able to send an email to a user if they forget their password so they can reset it. I don’t know if there’s a way to do this without storing their email.
Is there a way to do the mentioned functionality without storing PII? Alternatively, is there another way of handling a user forgetting their password that doesn’t require them to remember anything and doesn’t need PII?
You need some kind of identifying information in order to restore a password without risks. It must be something that both you and the user remember, and that either nobody else knows, or is some user address unique to them.
One alternative address to email is a phone number, but that’s potentially more identifiable and intrusive than email.
You could also generate an ID that you store hashed and send it to the user’s email at sign-up time, and then ask the user to provide you this secret if they want to change the password. Actually, it would be a recovery password sent in plaintext to the email. Maybe show it just once in the webapp and strongly ask them to save this code safely? It would be equivalent to asking the user to save their password safely…
What do you think?
I just ended up storing a hash of the email.
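As an added example (not code from anyone in this thread), here is the one-time recovery code from the answer above together with the hashed-email lookup from the last reply, in standard-library Python. The pepper value and the in-memory dict used as the account store are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Server-side pepper for the email lookup key; assumed to come from an env var or
# secrets manager, never the database. This value is a constructed placeholder.
EMAIL_KEY_PEPPER = b"EXAMPLE-PEPPER-REPLACE-ME"

def normalize_email(email: str) -> str:
    """Canonicalise so 'Alice@Example.com ' and 'alice@example.com' collide."""
    return email.strip().lower()

def email_lookup_key(email: str) -> str:
    """Keyed hash of the address: a unique lookup key without storing the plaintext.
    The pepper stops someone holding only a DB dump from guessing addresses offline."""
    return hmac.new(EMAIL_KEY_PEPPER, normalize_email(email).encode(), hashlib.sha256).hexdigest()

def hash_secret(secret: str) -> str:
    """Recovery codes and reset tokens are 256-bit random values, so a plain
    SHA-256 (rather than a slow password hash) is sufficient to store them."""
    return hashlib.sha256(secret.encode()).hexdigest()

def create_account(store: dict, email: str) -> str:
    """Persist only the email lookup key and the hash of a one-time recovery code.
    The returned code is shown to the user once and never stored in plaintext."""
    code = secrets.token_urlsafe(32)
    store[email_lookup_key(email)] = {"recovery_hash": hash_secret(code)}
    return code

def redeem_recovery_code(store: dict, email: str, code: str) -> bool:
    """Single-use check of the code from create_account; consumed on success."""
    rec = store.get(email_lookup_key(email))
    if rec is None or "recovery_hash" not in rec:
        return False
    if not hmac.compare_digest(rec["recovery_hash"], hash_secret(code)):
        return False
    del rec["recovery_hash"]  # burn it so a leaked code cannot be replayed
    return True

def begin_reset(store: dict, email: str) -> Optional[str]:
    """Reset when only the email hash is stored: the user re-types the address, it is
    hashed to find the account, and the link is mailed to the typed address (not a stored one)."""
    rec = store.get(email_lookup_key(email))
    if rec is None:
        return None  # the HTTP response should look identical in both cases
    token = secrets.token_urlsafe(32)
    rec["reset_hash"] = hash_secret(token)  # only the hash touches the DB
    return token
```

Both the recovery code and the reset token should also carry an expiry and a rate limit in a real deployment; the dict store here has neither.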