Ben Bleything responded:

> > Also, instead of locking down the recovery mechanism why not use
> > something external? Refusing to email a key for a privileged account
> > requires another admin to generate the hash and send it via a trusted
> > mechanism.
>
> What do you mean by "something external?"
Telephone. Yelling across the room. IM (+crypt/otr maybe). SMS. Things that you may already be using and trust.

I built a system like this for work. Someone typically calls up, we verify ID, plain text IM the key, and wait for confirmation. We've never had an account hijacked in the 60 seconds it takes the users to confirm the reset. If it did happen I'd just turn off the account immediately.

I may not have been clear, but I meant this for privileged accounts only. But if you have none and the admins are working directly in the database then I don't see any need for this.

-david

_______________________________________________
PDXRuby mailing list
[email protected]
IRC: #pdx.rb on irc.freenode.net
http://lists.pdxruby.org/mailman/listinfo/pdxruby
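The flow David describes (admin mints a key, hands it over a channel the user already trusts, waits a short window for confirmation, and kills the account if anything looks wrong) sketched as Ruby, since this is the PDXRuby list. This is an added example, not David's system or anything from the thread: the `PrivilegedReset` class, its method names and the in-memory account hash are all hypothetical, the 60 second TTL is taken from his post, and storing only a SHA-256 digest of the key so a leaked table cannot be replayed is an assumption about good practice rather than something he stated.

```ruby
require 'securerandom'
require 'digest'

# Out-of-band reset for privileged accounts (constructed example).
# The key is never emailed: issue() returns it once to the admin, who
# reads it over the phone / IM, and confirm() only honours it for TTL
# seconds and only once.
class PrivilegedReset
  TTL_SECONDS = 60 # window the post says users take to confirm

  Pending = Struct.new(:digest, :expires_at)

  def initialize(accounts)
    @accounts = accounts # username => { disabled: bool } (constructed store)
    @pending  = {}       # username => Pending; only a digest is kept
  end

  # Admin side: mint a random key and hand back the plaintext exactly
  # once, for delivery over the trusted channel. Refuses disabled accounts.
  def issue(user, now: Time.now)
    acct = @accounts.fetch(user)
    raise ArgumentError, "#{user} is disabled" if acct[:disabled]

    key = SecureRandom.urlsafe_base64(24)
    @pending[user] = Pending.new(digest(key), now + TTL_SECONDS)
    key
  end

  # User side: present the key. Returns :ok, :bad_key, :expired or
  # :no_request. Any successful or expired attempt clears the request,
  # so a key cannot be replayed.
  def confirm(user, key, now: Time.now)
    p = @pending[user]
    return :no_request unless p

    if now > p.expires_at
      @pending.delete(user)
      return :expired
    end
    return :bad_key unless secure_equal?(p.digest, digest(key))

    @pending.delete(user)
    :ok
  end

  # "If it did happen I'd just turn off the account immediately."
  def lock(user)
    @pending.delete(user)
    @accounts.fetch(user)[:disabled] = true
  end

  def disabled?(user)
    @accounts.fetch(user)[:disabled]
  end

  private

  def digest(key)
    Digest::SHA256.digest(key)
  end

  # Constant-time comparison of two equal-length byte strings, so the
  # response time does not leak how much of the digest matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walk through the lifecycle with a fixed clock (constructed data) and
# return the outcome of each step.
def demo
  accounts = { 'dba' => { disabled: false } }
  resets   = PrivilegedReset.new(accounts)
  t0       = Time.at(1_700_000_000)

  key = resets.issue('dba', now: t0) # admin reads this to the user by phone
  out = {}
  out[:wrong]  = resets.confirm('dba', 'not-the-key', now: t0 + 5)
  out[:ok]     = resets.confirm('dba', key, now: t0 + 10)
  out[:replay] = resets.confirm('dba', key, now: t0 + 11)

  key2 = resets.issue('dba', now: t0 + 20)
  out[:expired] = resets.confirm('dba', key2, now: t0 + 20 + 61)

  resets.lock('dba')
  out[:locked] = resets.disabled?('dba')
  out
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The verification of identity on the phone call is still the human step David relies on; the code only makes sure the key handed over cannot be reused or used late, and that locking the account also discards any outstanding request.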
