
Retrieving password when the password stored as a hash value

Can users request that their password be emailed to themselves if the password is stored as a hash value?

Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?

If a user has the same password hash value stored on two sites, would their password be the same for both sites?

Matt asked Jun 18 '09 16:06


2 Answers

If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.

Password reset mechanisms are the proper alternative.

Yoopergeek answered Oct 26 '22 14:10


Hashed passwords cannot be retrieved in general (this depends on the hashing function; secure hashes cannot be retrieved). If they have the same hash on two sites, they could have the same password; this depends on the hash salt used by the sites, what method, etc.

If your password is securely stored in a good hashing system, a provider should never be able to email you your password; you must reset your password if you forget it.

marr75 answered Oct 26 '22 13:10
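The points made in both answers, as an added example that is not code from either answer: a per-account random salt makes the same password produce different stored hashes on two sites, login re-derives and compares rather than decrypting, and a forgotten password is handled with a random reset token instead of emailing the password. The function names, the choice of PBKDF2-HMAC-SHA256, and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not a value from the page


def hash_password(password: str, salt=None) -> tuple:
    """Return (salt, key); a fresh random salt is drawn per account."""
    if salt is None:
        salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_key)


def issue_reset_token() -> tuple:
    """Return (token to email, digest to store). Expiry and single use are left out here."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("utf-8")).digest()


def redeem_reset_token(token: str, stored_digest: bytes, new_password: str):
    """Return a new (salt, key) record if the token matches, else None."""
    digest = hashlib.sha256(token.encode("utf-8")).digest()
    if not hmac.compare_digest(digest, stored_digest):
        return None
    return hash_password(new_password)


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    site_a, site_b = hash_password(pw), hash_password(pw)  # two sites, two salts
    token, digest = issue_reset_token()
    return {
        "same_hash_across_sites": site_a[1] == site_b[1],
        "verifies": verify_password(pw, *site_a),
        "wrong_rejected": not verify_password("guess", *site_a),
        "reset_ok": redeem_reset_token(token, digest, "new-pass") is not None,
        "forged_token_rejected": redeem_reset_token("forged", digest, "x") is None,
    }


if __name__ == "__main__":
    print(demo())
```

Only the salt, the derived key and the reset-token digest are ever stored, so the server has nothing it could email back as the original password.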