3) with some safeguards?

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #185,579

by Another Scott

11/30/04 2:55:35 PM

3) with some safeguards?

We certainly want to minimize annoyance of the admin. :-) Security is nice to have, but probably not essential here.

It seems like 3) is the way to go. But maybe try to minimize the potential for abuse by only permitting it to be reset once a day or once a week or something. Asking for the answer to a "hint" before giving out the password is another option, but what if one forgets the answer to that too? :-/

Perhaps cheap biometric sensors will make this moot. Until, that is, we all have Lasik eye surgery and burn off our fingerprints anyway... :-(

Cheers,
Scott.

zIWT meta: Which is better: - (admin) - (66) - Nov. 30, 2004, 09:02:55 PM EST

3) -NT - (mmoffitt) - Nov. 30, 2004, 02:43:44 PM EST

1) - (jb4) - (3) - Nov. 30, 2004, 02:50:26 PM EST

Not for long, at least... -NT - (admin) - (2) - Nov. 30, 2004, 02:51:30 PM EST

Is that a threat?!? -NT - (jb4) - (1) - Nov. 30, 2004, 05:27:37 PM EST

You should know by now... - (admin) - Nov. 30, 2004, 05:31:06 PM EST

3, with verification - (Arkadiy) - (29) - Nov. 30, 2004, 02:52:40 PM EST

Seconded. -NT - (Yendor) - Nov. 30, 2004, 02:54:26 PM EST

NO - (FuManChu) - (27) - Nov. 30, 2004, 02:57:04 PM EST

Er, buh? - (admin) - (3) - Nov. 30, 2004, 02:58:41 PM EST

That's enough of a detriment not to warrant the risk IMO -NT - (FuManChu) - (2) - Nov. 30, 2004, 04:13:16 PM EST

? -NT - (admin) - (1) - Nov. 30, 2004, 04:16:38 PM EST

?? -NT - (drewk) - Nov. 30, 2004, 05:46:20 PM EST

Yeah - (Yendor) - (11) - Nov. 30, 2004, 03:01:36 PM EST

How is that insecure? - (FuManChu) - (2) - Nov. 30, 2004, 04:17:29 PM EST

You're unclear on this. - (admin) - (1) - Nov. 30, 2004, 04:18:26 PM EST

See below. -NT - (FuManChu) - Nov. 30, 2004, 04:22:21 PM EST

You only need one field labeled "Hint" - (tuberculosis) - (7) - Aug. 21, 2007, 06:13:52 AM EDT

Sure... - (Yendor) - (6) - Dec. 1, 2004, 02:06:55 PM EST

Bah. - (admin) - Dec. 1, 2004, 02:10:59 PM EST

Not quite - (FuManChu) - (4) - Dec. 1, 2004, 04:35:59 PM EST

And my point is... - (Yendor) - (3) - Dec. 1, 2004, 08:03:26 PM EST

I have a standard formula I use for passwords. - (folkert) - (2) - Dec. 1, 2004, 10:20:06 PM EST

I also have a standard formula - (daemon) - (1) - Dec. 1, 2004, 10:40:44 PM EST

Ding, Ding, Ding. - (folkert) - Dec. 1, 2004, 11:06:54 PM EST

It's only insecure if the user is allowed to proceed - (imric) - (10) - Nov. 30, 2004, 03:13:54 PM EST

Bah. Risk is the issue. - (FuManChu) - (9) - Nov. 30, 2004, 04:22:03 PM EST

So what's YOUR suggestion? -NT - (admin) - (4) - Nov. 30, 2004, 04:23:51 PM EST

Unfortunately for you #1 ;) - (FuManChu) - (3) - Nov. 30, 2004, 04:39:05 PM EST

WTF? - (admin) - (2) - Nov. 30, 2004, 04:41:00 PM EST

Sorry. You're right. I didn't read carefully. - (FuManChu) - (1) - Nov. 30, 2004, 04:44:04 PM EST

So how does that change your answer? - (admin) - Nov. 30, 2004, 04:48:36 PM EST

Same risk than we have now during login. - (imric) - (2) - Nov. 30, 2004, 04:30:48 PM EST

Same outcome, different risk--the attack surface has doubled -NT - (FuManChu) - Nov. 30, 2004, 04:37:17 PM EST

Not mine. - (CRConrad) - Dec. 1, 2004, 02:33:03 AM EST

Can we please weight the risks - (Arkadiy) - Dec. 1, 2004, 02:04:43 PM EST

3) with some safeguards? - (Another Scott) - Nov. 30, 2004, 02:55:35 PM EST

4) WikiWay: everything wide open ... muuuaaaahahahahahaha -NT - (drewk) - (1) - Nov. 30, 2004, 03:29:24 PM EST

Shaddap wid' yer shaddin' ap... -NT - (admin) - Nov. 30, 2004, 03:30:31 PM EST

3 with a "what is your dog's name?" thingie -NT - (Silverlock) - Nov. 30, 2004, 03:44:54 PM EST

I'll join Ark, Scott(2), Don(Silverback), and YendorMike: 3+ - (CRConrad) - (2) - Nov. 30, 2004, 04:07:55 PM EST

<raises hand> on that last bit. :-) -NT - (Another Scott) - Nov. 30, 2004, 04:12:16 PM EST

Aye - 3) with - (imric) - Nov. 30, 2004, 04:24:18 PM EST

Another few options: - (admin) - (9) - Nov. 30, 2004, 04:50:29 PM EST

I'd rather not vote on solutions until we discuss risks - (FuManChu) - (8) - Nov. 30, 2004, 05:43:54 PM EST

Re: I'd rather not vote on solutions until we discuss risks - (admin) - (7) - Nov. 30, 2004, 05:53:17 PM EST

Okay, start with costs of current proposals - (FuManChu) - (3) - Nov. 30, 2004, 07:39:31 PM EST

Missed the point. :-) - (admin) - (2) - Nov. 30, 2004, 08:53:54 PM EST

Understood, but you're use case #1 - (FuManChu) - (1) - Nov. 30, 2004, 10:29:59 PM EST

I can do private keys... - (folkert) - Nov. 30, 2004, 10:40:15 PM EST

What do you want the software to do? - (Another Scott) - (2) - Nov. 30, 2004, 09:10:22 PM EST

Nope, wrong - (drewk) - (1) - Nov. 30, 2004, 09:35:34 PM EST

Yes, a *good* challenge question would be needed. - (Another Scott) - Nov. 30, 2004, 11:26:03 PM EST

how about 4, the way we do it now - (daemon) - (3) - Nov. 30, 2004, 05:18:15 PM EST

Which is? - (Another Scott) - Nov. 30, 2004, 05:21:17 PM EST

And what would that be? - (admin) - (1) - Nov. 30, 2004, 05:21:46 PM EST

the way it works now - (daemon) - Nov. 30, 2004, 05:34:53 PM EST

How about 5... - (jb4) - Nov. 30, 2004, 05:32:45 PM EST

16) Storing them encrypted with a "reset my password" featur - (folkert) - Nov. 30, 2004, 06:38:09 PM EST

A variation on 2) - (altmann) - Nov. 30, 2004, 07:36:03 PM EST

3), with a question 1st. -NT - (broomberg) - Nov. 30, 2004, 08:03:43 PM EST

3 with a proviso - (ChrisR) - (1) - Nov. 30, 2004, 08:23:21 PM EST

I like that! -NT - (Arkadiy) - Dec. 1, 2004, 02:10:44 PM EST

3. Puts the onus of keeping valid email address on user. -NT - (a6l6e6x) - Nov. 30, 2004, 09:08:12 PM EST

3 -NT - (pwhysall) - Dec. 1, 2004, 07:52:52 AM EST

6. - (static) - Dec. 5, 2004, 08:45:34 PM EST

"zIWT meta: Which is better:" Voting/Ratification (new thread) - (folkert) - Dec. 5, 2004, 09:59:30 PM EST

No matter what I accomplish in this life, nobody's going to sculpt my head in thermoplastic resin and make it spit water into the bedrooms of sick children.
98 ms