John Plocher wrote:

> My feeling is that we should strive to make sure that the cost of
> security (in complexity, frustration...) is not greater than the
> value of the thing being secured, and that it should be easy for
> people to interact with the system on a casual basis.

The thing being secured is the ability to modify the Solaris source. I think that's worth being reasonably diligent about.

> We should look at sourceforge, google, yahoo and similar sites
> and seek to emulate what they do. The system described here sounds
> more like what my bank requires, and seems to have a non-trivial
> amount of built-in need for manual exception handling

Actually, the whole point is to *reduce* the amount of manual exception handling. At the moment, if you mistype your new email address your account is inaccessible. With the new system you'll get a chance to have another go.

> 100,000+ accounts translates into ?some number? of password resets
> per day. Some percentage of them will be fumbled, resulting in
> locked accounts - how much staffing should we allocate to deal
> with fixing those accounts? Do we have any metrics to help us here?

The current system doesn't ever 'fail' a password change request, or lock accounts out, so we don't have any metrics.

>> Why don't you just let people write their own questions?
>
> My wife was divorced before I met her. Her "ex" knows all
> these answers. Worse, he has used that knowledge to try to
> take over her bank accounts, museum memberships, and online
> accounts. Since he knows all these answers, they add no real
> security.

The security questions are just one layer, they are not the only security mechanism. Knowing the answers is only of any help if you can also intercept the reset token.

> A good security system should also pay attention to the source
> and frequency of password reset attempts as well as the
> email-of-record and look for patterns there.

That information will all be logged.

> You can't protect against people who don't value their own
> security; if you try too hard to do so, you end up with a
> system that is hard for everyone else to use AND has a good
> chance of not being as secure as you thought.

So what is the alternative?
--
Alan Burlison
--
_______________________________________________
website-discuss mailing list
[email protected]
