homepage Welcome to WebmasterWorld Guest from 107.22.70.215
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Reset passwords, without email verification
Need a few ideas
bhonda




msg:4473292
 4:28 pm on Jul 6, 2012 (gmt 0)

Has anyone ever come across a decent password reset scheme, that does not rely on an email address being emailed a password or reset link, and does not rely on the rather simple 'Mother's maiden name' security questions either?

The reason behind this is that many of our users do not have their own email address (that they use for our services anyway), and it appears as though our current way of emailing the registered email address a link by which they can reset their password, when they forget their password, isn't working too well.

Has anyone got any ideas? I'm up for something totally unconventional, if it calls for it!

 

rocknbil




msg:4473418
 3:29 am on Jul 7, 2012 (gmt 0)

Multi factor validation?

Ask three questions on signup and all three must be correct to allow any account modification.

Don't make it mother's maiden, birthday, pet's name, or allow them to create their own. People are lazy and create lazy questions that will invariably make it insecure. Get creative with it, maybe even use a database of several hundred questions of which three are randomly selected at signup time so not two members have the exact same questions.

Kendo




msg:4473431
 4:50 am on Jul 7, 2012 (gmt 0)

Using 3 questions of their own choice would be better overall. Otherwise they may never get the answer. On a site for local residents we have some trick questions in the signup form like what do you see along the roadside on the way there, and most get that wrong.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved