I created a page with user details, where I can see all the details of users and change them if needed. I want to create and check the password for users and, in case a user forgot his password, to provide it. BUT!
I can only see the hashed password. The password is encoded by BCryptPasswordEncoder.
Is there any method to decode this password and display the normal password?
I tried to find the answer on the internet, but it seems that I put in the wrong request...
Thank you in advance!
Nope, it is not possible, as hashing is a one-way process of transforming input to a fixed-length output.
I suggest rather introducing a password reset mechanism over revealing the password, which is not possible if you use a one-way hashing algorithm.
There are, however, legit use cases where a secure piece of information can be revealed to the customer/user; for example, the credit/debit card PIN can be displayed on request in most mobile or internet banking applications.
In such a case, the information (card PIN) has to be encrypted by a 2-way algorithm so you don't lose its raw version. I recommend generating a unique key and using a salt for each user. I also recommend using another security layer such as an OTP challenge.
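
The password reset suggested in the answer above, as an added example that is not part of the original answer or of Spring Security itself: a one-time token is issued, only its hash is stored, and the new password is written with BCryptPasswordEncoder without the old one ever being recovered. The class name, the in-memory maps, the 15-minute lifetime and the sample user are assumptions; it needs spring-security-crypto on the classpath and Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Hypothetical in-memory service; a real application would keep both maps in its user store.
public class PasswordResetExample {
    record ResetEntry(byte[] tokenHash, Instant expires) {}
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    private final SecureRandom random = new SecureRandom();
    private final Map<String, String> passwordHashes = new HashMap<>();   // username -> bcrypt hash
    private final Map<String, ResetEntry> pendingResets = new HashMap<>();

    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the token to deliver to the user out of band; only its hash is kept server-side.
    public String startReset(String username) throws Exception {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pendingResets.put(username, new ResetEntry(sha256(token), Instant.now().plus(Duration.ofMinutes(15))));
        return token;
    }

    // Accepts the token once, before expiry, then stores a fresh bcrypt hash of the new password.
    public boolean finishReset(String username, String token, String newPassword) throws Exception {
        ResetEntry entry = pendingResets.get(username);
        if (entry == null || Instant.now().isAfter(entry.expires())) return false;
        if (!MessageDigest.isEqual(entry.tokenHash(), sha256(token))) return false; // constant-time compare
        pendingResets.remove(username);
        passwordHashes.put(username, encoder.encode(newPassword));
        return true;
    }

    public static void main(String[] args) throws Exception {
        PasswordResetExample svc = new PasswordResetExample();
        String token = svc.startReset("alice");                               // constructed sample user
        System.out.println(svc.finishReset("alice", token, "new-Passw0rd!")); // valid token accepted
        System.out.println(svc.encoder.matches("new-Passw0rd!", svc.passwordHashes.get("alice")));
        System.out.println(svc.finishReset("alice", token, "again"));         // replayed token rejected
    }
}
```

Login checks keep using `matches(rawPassword, storedHash)`, which re-hashes the submitted password with the salt embedded in the stored hash instead of decoding anything.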