> I'd vote to be able to opt out of password resets. It's such an > "exception", that a reseller that forgets their password should just be > charged $10 or $20 for the reset, or whatever it costs support to do > it, and should be done over some secure connection. One method would be > to only allow the password to be sent via FAX, to a fax number that was > pre-specified.
Better yet, completely automate it, and let the RSP choose the method, either via secret question (and https display), email release (Supporting STARTTLS, as is true now) or fax release (pre-specified number), or disable completely. If the RSP's chosen method fails, then they have to contact support and pay $10-$20 for a password reset. -- If a train station is for trains to stop at, then I think I'm making good use of my work station.
