30.06.2014, 12:58
I'd suggest either allow players to enter a security question, or allow them to define an email address.
Security Question:
-----------------------
You could still hash this with SHA1 or MD5 into the database (their answer), and on a web page allow them to input text and also hash that, compare the two strings to see if the answer they provided matches their security question answer, and if so allow them to set a new password on your website.
Email Address:
-----------------------
If they have an email address, have a password reset link sent to their email address which, when clicked, allows them to set a new password.
Security Question:
-----------------------
You could still hash this with SHA1 or MD5 into the database (their answer), and on a web page allow them to input text and also hash that, compare the two strings to see if the answer they provided matches their security question answer, and if so allow them to set a new password on your website.
Email Address:
-----------------------
If they have an email address, have a password reset link sent to their email address which, when clicked, allows them to set a new password.