On Thursday 22 November 2001 07:13 pm, Mike Orr wrote:
> For instance, the fallback challenge question is good for users who
> frequent the site and have some level of commitment to it. It's less
> good for occasional users who maybe aren't sure about the site, to
> whom one more personal question may be too many (like I was about
> Yahoo's birthdate question), or who aren't thrilled about memorizing
> yet another piece of information (who did I say my favorite sports
> hero is, and how did I spell it?)
How secure is the so-called "challenge question" anyway? I think its real name should be "hinted password". If you have both a password and a hinted password, isn't your security as low as the lowest security of the two? If so, why have both?

If I know your challenge question is "What is your favorite color?" then I'll probably have your account pretty quick. Unless you give a non-related answer, but then you may have trouble remembering that. If the question is "What is your zip code?" then as your coworker in the office, I'm in. This might be mitigated by choosing a more clever question, but then you've got to think it up and make sure you don't forget the response.

Of course, I'll need to be able to intercept your e-mail to get the info, but that's no different than for the mail-the-password approach.

-Chuck
