Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Re: Re: Re: Re: We blame tye.

by QwertyD (Pilgrim)
on Mar 22, 2002 at 23:08 UTC ( [id://153671]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Re: We blame tye.
in thread We blame tye.

To get around this, some sites ask the user for a hint question when they register. If the user forgets their password, they must answer their hint question (which they hopefully still remember), and supply some other personal information (which is verified against the info they provided upon registering). A new password is generated and emailed only if the above are correct. I'm pretty sure Yahoo does this for My Yahoo, Yahoo Mail, and the like.

Another idea would be to generate a new password, but revert to the old one after, say, ten minutes if the user doesn't log in and change it. In this case, you would still let the user log in with the old password within those ten minutes. I realize this might not be easy to impliment ontop of an existing username/password database, though.

Replies are listed 'Best First'.
(tye)Re2: We blame tye.
by tye (Sage) on Mar 23, 2002 at 08:37 UTC

    We could ask for your e-mail address and "real name" before we would reset your password. But I'll just be happy to not include the password in the "edit user" HTML code and to require that the password be reentered in order for you to be able to change it.

    I'd also like to see https supported (which might also solve the "too many dirty words counted at the firewall" problem for particle). I have yet to even looked into how hard that would be, though.

            - tye (but my friends call me "Tye")
[reply]
Re: Re: Re: Re: Re: We blame tye.
by no_slogan (Deacon) on Mar 23, 2002 at 18:55 UTC
    If the user forgets their password, they must answer their hint question (which they hopefully still remember), and supply some other personal information (which is verified against the info they provided upon registering).
    Unfortunately, easy to remember == easy to guess (especially if it's someone you know), and "other personal information" is usually not hard to find with some research. Sometimes, you won't know the real identity that goes with someone's online persona, so that won't get you anywhere. Sometimes, you will, though. That solution is probably better than nothing, though.
[reply]

In Section Perl Monks Discussion

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://153671]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (1)
As of 2024-04-25 00:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found