Use something other than the email address as the username. Offer to mail them their username if they forget it and enter their email address. Then the drunken co-eds would need to know a user name in order to mess with them.
Or only allow one reset per week / day / month etc. Make them call someone to have it happen more often.

-----Original Message-----
From: Richard White [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 20, 2006 9:56 AM
To: CF-Talk
Subject: Re: user accounts and passwords

Actually, I have just thought of something that could happen with this method. My target audience are students at university. If someone has forgotten their password and the system is designed for them to enter their email address, it will reset their password and send them the new password. Then I was thinking that some students may get drunk and find it funny to keep entering their friends' email addresses (or people they don't like) and continue to get them reset.

Do you guys use any way to get round this problem, maybe asking them a security question or something like that before resetting their password?

Thanks

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264616
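The two suggestions in the reply above (a username that is not the email address, and a cap on how often a reset can happen), sketched in Python as an added example that is not code from the thread. The class and function names, the one-day window, the sample account and the in-memory storage are all assumptions; the same logic carries over to CFML.

```python
import hashlib
import secrets
import time

RESET_WINDOW_SECONDS = 24 * 60 * 60  # assumed policy: one self-service reset per day


class ResetService:
    """In-memory sketch (hypothetical names); real state lives in the user table."""

    def __init__(self, users, send_mail, now=time.time):
        self.users = users          # username -> {"email": ...}
        self.send_mail = send_mail  # callable(to_address, body)
        self.now = now              # injectable clock, so the window can be tested
        self.last_reset = {}        # username -> timestamp of the last reset

    def forgot_username(self, email):
        """Entering an email address only mails the username; nothing is reset."""
        for name, rec in self.users.items():
            if rec["email"].lower() == email.strip().lower():
                self.send_mail(rec["email"], f"Your username is {name}")
        # Same answer either way, so the form does not confirm who is registered.
        return "If that address is registered, the username has been mailed to it."

    def reset_password(self, username, helpdesk_override=False):
        """Reset at most once per window unless staff approve it (the phone call)."""
        rec = self.users.get(username)
        if rec is None:
            return "unknown-user"
        last = self.last_reset.get(username)
        recent = last is not None and self.now() - last < RESET_WINDOW_SECONDS
        if recent and not helpdesk_override:
            return "throttled"  # existing password stays valid, no mail is sent
        new_password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        rec["salt"] = salt
        rec["pw_hash"] = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
        self.last_reset[username] = self.now()
        self.send_mail(rec["email"], f"Your new password is {new_password}")
        return "reset"


if __name__ == "__main__":
    outbox = []  # constructed sample data
    svc = ResetService({"jdoe7": {"email": "jdoe@example.edu"}},
                       lambda to, body: outbox.append((to, body)))
    print(svc.reset_password("jdoe7"), svc.reset_password("jdoe7"), len(outbox))
```

A throttled request changes nothing and sends nothing, so repeated requests inside the window cannot keep invalidating the account owner's password.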