On Tue, Jul 01, 2008 at 11:05:35AM -0700, Rich Teer wrote: > On Tue, 1 Jul 2008, Alan Burlison wrote: > > > The new OpenSolaris.org membership application will start using security > > questions for self-service password resets. People will be able to > > pre-register a number of questions and answers, if they request a > > password reset they will need to supply the answers to the questions > > they previously set up. > > > > [...] > > > Comments and additions are gratefully accepted. > > Why don't you just let people write their own questions? Then you won't > have to worry about missing some important question.
In my experience, if you do that, people tend to write things like "what
is my password?", or "isn't your password pa55w0rd?", in which case
there is no secure means of even displaying the question.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
pgpl0e67lpWKY.pgp
Description: PGP signature
_______________________________________________ website-discuss mailing list [email protected]
