On Thu, 3 Jul 2008, Alan Burlison wrote: > To ask for a password reset you will have to answer a captcha, and your
Is captcha one of those distorted images that the user has read and then enter into a dialog box? If so, count me VERY strongly against this idea. > questions. If you get the questions wrong more than a given number of > times the account will be permanently locked. If you answer the Ah, a DoS feature... > Actually, you get *worse* security if you email it. If you display > stuff in a browser you can send it via HTTPS, and it has a limited > lifespan. Nearly all mail is in plaintext, and tends to stay in an > inbox for a significant amount of time. Yes I know about PGP, but not > that many people use it. This bit I do agree with. -- Rich Teer, SCSA, SCNA, SCSECA CEO, My Online Home Inventory URLs: http://www.rite-group.com/rich http://www.linkedin.com/in/richteer http://www.myonlinehomeinventory.com _______________________________________________ website-discuss mailing list [email protected]
