In Kartris, passwords are hashed for additional security. This means that the raw password is not stored in the database; instead, a function called a 'hash' is used to scramble the password, and this scrambled value is stored. When a customer logs in, the password they give is also scrambled and then compared to the stored scrambled password to make sure they match.

Because the raw password is not stored, the system cannot send the password to the customer as a reminder because the hash is not reversible. Similarly, you cannot find the password of a customer or an admin from the back end, or even by looking directly into the database.

Therefore if a customer loses or forgets their password, it must be reset. There are two ways to do this (1) the store owner can change any customer password from the back end (2) the customer can request a password change from the front end.

In the first case above, you should always be careful when customers request a password change on the telephone or by email that you are absolutely 100% sure that the customer is the genuine owner of the account.

In the second case (online request to change password), the customer will be sent a link to the email address of their account that is valid for a limited period (1 hour) and that will allow them to reset their password.

Powered by tomeCMS