joined:June 29, 2005
Has anyone ever come across a decent password reset scheme, that does not rely on an email address being emailed a password or reset link, and does not rely on the rather simple 'Mother's maiden name' security questions either?
The reason behind this is that many of our users do not have their own email address (that they use for our services anyway), and it appears as though our current way of emailing the registered email address a link by which they can reset their password, when they forget their password, isn't working too well.
Has anyone got any ideas? I'm up for something totally unconventional, if it calls for it!