> I have to say that I think thats a very insecure > authentication method. Our > company deals heavily with finding people, and getting > information about > them, and I can say from experience here that getting > someone's SSN and > birthdate is a trivial task. You'd be much better off with > another system > such as the three authenticating questions someone propsed > earlier. I also > recommend PasswordSafe from www.counterpane.com its a free > product that > allows you to manage multiple passwords in a secure 448bit blowfish > encrypted storage. (that should help your users from forgetting their > passwords all the time)
Except when they forget the passphrase for their encrypted passwords :)
