When is it a good idea to store passwords in clear text?

Question

I am working on an application that is targetted at non technical users. I expect a large number of support calls regarding lost passwords and inability to login.

I am u

Answer 1

It is never a good idea to store password in database. Store a hash of password (possibly salted). In case of lost passwords, generate a new one and send it to their verified email address - make sure they change this autogenerated password on the next login.

Your target-audience may be non technical, but that won't be the case with their friends who are casual/professional pranksters. Non technical users must be treated with extra care because they are more likely to keep same username/password combination for your small application, the Google account and the online banking account (if the bank accepts that password). They will lose their data/mail accounts/money and you will lose trust and customers.

Here is a blog post on storing passwords in databases worth reading by @codinghorror