The purpose of the captchas and security question is to prevent automated login attempts and automated password guessing.

-----Original Message-----
From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org] On Behalf Of Tom Melendez
Sent: Wednesday, December 24, 2008 5:19 PM
To: NYPHP Talk
Subject: Re: [nyphp-talk] Captcha/Question

On Wed, Dec 24, 2008 at 2:01 PM, Michele Waldman <mmwald...@nyc.rr.com> wrote:
> I see zencart moved from using a captcha to a security question.
>

Do you know why? (I'm asking, I don't know why either) Do they let you enable one instead of the other?

>
> They only have a finite number of questions like "What is the color of a
> blue sky?"
>

Is it possible to add your own?

>
> Can't that be easily gotten around?
>
> You can just read the security question from the page and program the
> response for that question.
>

Well, the answer is per user, so you would have to know their answer to begin with, right?

>
> Thoughts on captchas and security questions?
>

Well, either or both combined shouldn't define your security policy. For example, if you're running on a shared host, or non-SSL your "security" is very limited. What are you trying to protect against? What is your concern?

With that said, I tend to like the multi-step process that involves both.

Tom
http://www.liphp.org

_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php