The problem with requiring any sort of question, but especially requiring
the user to pick from a list of common questions, is that the answers are
not secure. With a little effort, you can uncover people's social security
numbers, mother's maiden names, etc. All of my neighbors and many of my
coworkers (past and present) know my pet's name.
--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/
-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004 5:26 PM
To: CF-Talk
Subject: Re:Password Logic
>was it "mom"... or "Mom"... or "mother"
Don't forget 'mom.' and all the variants thereto. I got burned on that one
once.
I think some variation of hint/answer is about as good as you're going to
get. There are other things you can do, like ask for some sort of
supposedly private ID number or somesuch, but nothing is going to be
perfect, and maybe not better. I'd love to see someone build a better
mousetrap.
One thing you can do: Provide a list of questions the user must pick from.
City of birth, favorite pet's name etc. Then the user is limited in the
creativity they can apply to the question and you can maybe minimize the
screwup potential as a result.
--
-------------------------------------------
Matt Robertson, [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------
--
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
