On Thursday 22 November 2001 19:13, Mike Orr wrote: > OK, but let's keep in mind that the main feature of Webware is > flexibility. We don't want to presume to know what the best > password-storage and password-recovery mechanism is for all sites; > instead, we want to provide alternative schemes the appadmin can > plug in or override as necessary. > > For instance, the fallback challenge question is good for users who > frequent the site and have some level of commitment to it. It's > less good for occasional users who maybe aren't sure about the > site, to whom one more personal question may be too many (like I > was about Yahoo's birthdate question), or who aren't thrilled about > memorizing yet another piece of information (who did I say my > favorite sports hero is, and how did I spell it?)
Darryl's suggestion would deal with that level of informality, although I'd much rather send them an email linking to a randomized URL that will allow them to enter a new password during a certain time-window. Sending passwords via email leaves it totally open to sniffing. _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
