homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

Reset passwords, without email verification
Need a few ideas

5+ Year Member

Msg#: 4473290 posted 4:28 pm on Jul 6, 2012 (gmt 0)

Has anyone ever come across a decent password reset scheme, that does not rely on an email address being emailed a password or reset link, and does not rely on the rather simple 'Mother's maiden name' security questions either?

The reason behind this is that many of our users do not have their own email address (that they use for our services anyway), and it appears as though our current way of emailing the registered email address a link by which they can reset their password, when they forget their password, isn't working too well.

Has anyone got any ideas? I'm up for something totally unconventional, if it calls for it!



WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4473290 posted 3:29 am on Jul 7, 2012 (gmt 0)

Multi factor validation?

Ask three questions on signup and all three must be correct to allow any account modification.

Don't make it mother's maiden, birthday, pet's name, or allow them to create their own. People are lazy and create lazy questions that will invariably make it insecure. Get creative with it, maybe even use a database of several hundred questions of which three are randomly selected at signup time so not two members have the exact same questions.


5+ Year Member

Msg#: 4473290 posted 4:50 am on Jul 7, 2012 (gmt 0)

Using 3 questions of their own choice would be better overall. Otherwise they may never get the answer. On a site for local residents we have some trick questions in the signup form like what do you see along the roadside on the way there, and most get that wrong.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved