java - how do i retrieve the original plaintext password of a hashed password

Question

I have gone through many articles and they all dicuss/advice how to convert a plain text password in to a hashed password and store in the database.

My question is, if the plain text password is hashed and stored in the database then how do i retrieve the original plaintext password if the user forgets the password ?

Ours is not a financial application like banking which requires very high security. Also my application demands us, to some extent to, to login and check the user account. Is there any way to do this, if we start storing the passwords by hashing them?

Answer 1

You don't. The only way you SHOULD do this process is to reset the user's password with something else that they can remember.

When you hash the password you run plaintext through an algorithm, the result of the algorithm is then stored to the database. To check to see if the user's password is correct (at their next log on) is to run the same algorithm again and compare the output to what's stored in the database - i.e. if the hashes match then the user's password must be right.