[coming in late...]

Alan Burlison wrote:

> To ask for a password reset you will have to answer a captcha, and your
> account will be set to a state where you can't log in any more. A
> time-limited reset token will be sent to your registered email address.
> When you click on the token you'll have to answer two security
> questions. If you get the questions wrong more than a given number of
> times the account will be permanently locked.

and

> We won't be mailing plaintext passwords, it is way too insecure.

Yes, cleartext passwords in email are somewhat insecure. So what? Do we need perfect security? Is it secure enough? Is there such a thing as too much security? If so, how much is too much? How would we know if it is too much?

My feeling is that we should strive to make sure that the cost of security (in complexity, frustration...) is not greater than the value of the thing being secured, and that it should be easy for people to interact with the system on a casual basis. We should look at SourceForge, Google, Yahoo and similar sites and seek to emulate what they do.

The system described here sounds more like what my bank requires, and seems to have a non-trivial amount of built-in need for manual exception handling. 100,000+ accounts translates into ?some number? of password resets per day. Some percentage of them will be fumbled, resulting in locked accounts - how much staffing should we allocate to deal with fixing those accounts? Do we have any metrics to help us here?

> Why don't you just let people write their own questions?

My wife was divorced before I met her. Her "ex" knows all these answers. Worse, he has used that knowledge to try to take over her bank accounts, museum memberships, and online accounts. Since he knows all these answers, they add no real security.

There are several types of attackers out there, including random ones and "friends". Most of this thread seems focused on the former. A good security system should also pay attention to the source and frequency of password reset attempts as well as the email-of-record and look for patterns there.

You can't protect against people who don't value their own security; if you try too hard to do so, you end up with a system that is hard for everyone else to use AND has a good chance of not being as secure as you thought.

-John

_______________________________________________
website-discuss mailing list
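The reset flow Alan describes above (captcha, account held in a can't-log-in state, time-limited emailed token, a bounded number of security-question attempts, then a permanent lock), combined with John's point about watching the source and frequency of reset requests, as an added Python sketch that is not code from this thread or from the website project it discusses; the limits, the pepper and the sample answers are assumed values chosen for the demo.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

# Policy values are assumptions for the demo; the thread gives no concrete numbers.
TOKEN_TTL = 3600                      # reset token lifetime, seconds
MAX_WRONG_ANSWERS = 3                 # wrong question rounds before permanent lock
RATE_WINDOW, RATE_LIMIT = 86400, 5    # reset requests allowed per source per day
PEPPER = b"constructed-demo-pepper"   # a real deployment loads this from a secret store

def _h(s: str) -> str:   # keyed hash: stored tokens/answers are useless if the table leaks
    return hmac.new(PEPPER, s.encode(), hashlib.sha256).hexdigest()
@dataclass
class Account:
    answer_hashes: tuple              # _h() of each normalised (strip/lower) answer
    reset_pending: bool = False       # "can't log in any more" while a reset is open
    permanently_locked: bool = False
    token_hash: str = ""              # empty = no outstanding token
    token_expires: float = 0.0
    wrong_answers: int = 0
class ResetFlow:
    def __init__(self):
        self.accounts: dict[str, Account] = {}
        self.requests: dict[str, list[float]] = {}   # source -> request timestamps

    def request_reset(self, user, source, now, captcha_ok):
        recent = [t for t in self.requests.get(source, []) if now - t < RATE_WINDOW]
        self.requests[source] = recent + [now]        # counted even when refused
        acct = self.accounts.get(user)
        if not captcha_ok or acct is None or acct.permanently_locked or len(recent) >= RATE_LIMIT:
            return None               # every refusal looks identical: no user enumeration
        token = secrets.token_urlsafe(32)         # the raw token goes in the e-mail only
        acct.token_hash, acct.token_expires, acct.reset_pending = _h(token), now + TOKEN_TTL, True
        return token

    def answer_questions(self, user, token, answers, now):
        acct = self.accounts.get(user)
        if (acct is None or acct.permanently_locked or not acct.token_hash
                or now > acct.token_expires or not hmac.compare_digest(acct.token_hash, _h(token))):
            return "refused"          # unknown or locked account, expired or wrong token
        ok = len(answers) == len(acct.answer_hashes) and all(
            hmac.compare_digest(_h(a.strip().lower()), h) for a, h in zip(answers, acct.answer_hashes))
        if ok:
            acct.token_hash, acct.reset_pending, acct.wrong_answers = "", False, 0
            return "reset_allowed"    # caller may now let the user set a new password
        acct.wrong_answers += 1
        if acct.wrong_answers >= MAX_WRONG_ANSWERS:
            acct.permanently_locked, acct.token_hash = True, ""
            return "permanently_locked"
        return "wrong_answers"
```

The per-source request history is what lets an operator spot the "friend" attacker John describes: repeated resets against one account from one source stand out even when each individual attempt is within policy.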
