zIWT meta: Which is better: - (admin) - (66) - Nov. 30, 2004, 09:02:55 PM EST
         3) -NT - (mmoffitt) - Nov. 30, 2004, 02:43:44 PM EST
         1) - (jb4) - (3) - Nov. 30, 2004, 02:50:26 PM EST
             Not for long, at least... -NT - (admin) - (2) - Nov. 30, 2004, 02:51:30 PM EST
                 Is that a threat?!? -NT - (jb4) - (1) - Nov. 30, 2004, 05:27:37 PM EST
                     You should know by now... - (admin) - Nov. 30, 2004, 05:31:06 PM EST
         3, with verification - (Arkadiy) - (29) - Nov. 30, 2004, 02:52:40 PM EST
             Seconded. -NT - (Yendor) - Nov. 30, 2004, 02:54:26 PM EST
             NO - (FuManChu) - (27) - Nov. 30, 2004, 02:57:04 PM EST
                 Er, buh? - (admin) - (3) - Nov. 30, 2004, 02:58:41 PM EST
                     That's enough of a detriment not to warrant the risk IMO -NT - (FuManChu) - (2) - Nov. 30, 2004, 04:13:16 PM EST
                         ? -NT - (admin) - (1) - Nov. 30, 2004, 04:16:38 PM EST
                             ?? -NT - (drewk) - Nov. 30, 2004, 05:46:20 PM EST
                 Yeah - (Yendor) - (11) - Nov. 30, 2004, 03:01:36 PM EST
                     How is that insecure? - (FuManChu) - (2) - Nov. 30, 2004, 04:17:29 PM EST
                         You're unclear on this. - (admin) - (1) - Nov. 30, 2004, 04:18:26 PM EST
                             See below. -NT - (FuManChu) - Nov. 30, 2004, 04:22:21 PM EST
                     You only need one field labeled "Hint" - (tuberculosis) - (7) - Aug. 21, 2007, 06:13:52 AM EDT
                         Sure... - (Yendor) - (6) - Dec. 1, 2004, 02:06:55 PM EST
                             Bah. - (admin) - Dec. 1, 2004, 02:10:59 PM EST
                             Not quite - (FuManChu) - (4) - Dec. 1, 2004, 04:35:59 PM EST
                                 And my point is... - (Yendor) - (3) - Dec. 1, 2004, 08:03:26 PM EST
                                     I have a standard formula I use for passwords. - (folkert) - (2) - Dec. 1, 2004, 10:20:06 PM EST
                                         I also have a standard formula - (daemon) - (1) - Dec. 1, 2004, 10:40:44 PM EST
                                             Ding, Ding, Ding. - (folkert) - Dec. 1, 2004, 11:06:54 PM EST
                 It's only insecure if the user is allowed to proceed - (imric) - (10) - Nov. 30, 2004, 03:13:54 PM EST
                     Bah. Risk is the issue. - (FuManChu) - (9) - Nov. 30, 2004, 04:22:03 PM EST
                         So what's YOUR suggestion? -NT - (admin) - (4) - Nov. 30, 2004, 04:23:51 PM EST
                             Unfortunately for you #1 ;) - (FuManChu) - (3) - Nov. 30, 2004, 04:39:05 PM EST
                                 WTF? - (admin) - (2) - Nov. 30, 2004, 04:41:00 PM EST
                                     Sorry. You're right. I didn't read carefully. - (FuManChu) - (1) - Nov. 30, 2004, 04:44:04 PM EST
                                         So how does that change your answer? - (admin) - Nov. 30, 2004, 04:48:36 PM EST
                         Same risk than we have now during login. - (imric) - (2) - Nov. 30, 2004, 04:30:48 PM EST
                             Same outcome, different risk--the attack surface has doubled -NT - (FuManChu) - Nov. 30, 2004, 04:37:17 PM EST
                             Not mine. - (CRConrad) - Dec. 1, 2004, 02:33:03 AM EST
                         Can we please weight the risks - (Arkadiy) - Dec. 1, 2004, 02:04:43 PM EST
         3) with some safeguards? - (Another Scott) - Nov. 30, 2004, 02:55:35 PM EST
         4) WikiWay: everything wide open ... muuuaaaahahahahahaha -NT - (drewk) - (1) - Nov. 30, 2004, 03:29:24 PM EST
             Shaddap wid' yer shaddin' ap... -NT - (admin) - Nov. 30, 2004, 03:30:31 PM EST
         3 with a "what is your dog's name?" thingie -NT - (Silverlock) - Nov. 30, 2004, 03:44:54 PM EST
         I'll join Ark, Scott(2), Don(Silverback), and YendorMike: 3+ - (CRConrad) - (2) - Nov. 30, 2004, 04:07:55 PM EST
             <raises hand> on that last bit. :-) -NT - (Another Scott) - Nov. 30, 2004, 04:12:16 PM EST
             Aye - 3) with - (imric) - Nov. 30, 2004, 04:24:18 PM EST
         Another few options: - (admin) - (9) - Nov. 30, 2004, 04:50:29 PM EST
             I'd rather not vote on solutions until we discuss risks - (FuManChu) - (8) - Nov. 30, 2004, 05:43:54 PM EST
                 Re: I'd rather not vote on solutions until we discuss risks - (admin) - (7) - Nov. 30, 2004, 05:53:17 PM EST
                     Okay, start with costs of current proposals - (FuManChu) - (3) - Nov. 30, 2004, 07:39:31 PM EST
                         Missed the point. :-) - (admin) - (2) - Nov. 30, 2004, 08:53:54 PM EST
                             Understood, but you're use case #1 - (FuManChu) - (1) - Nov. 30, 2004, 10:29:59 PM EST
                                 I can do private keys... - (folkert) - Nov. 30, 2004, 10:40:15 PM EST
                     What do you want the software to do? - (Another Scott) - (2) - Nov. 30, 2004, 09:10:22 PM EST
                         Nope, wrong - (drewk) - (1) - Nov. 30, 2004, 09:35:34 PM EST
                             Yes, a *good* challenge question would be needed. - (Another Scott) - Nov. 30, 2004, 11:26:03 PM EST
         how about 4, the way we do it now - (daemon) - (3) - Nov. 30, 2004, 05:18:15 PM EST
             Which is? - (Another Scott) - Nov. 30, 2004, 05:21:17 PM EST
             And what would that be? - (admin) - (1) - Nov. 30, 2004, 05:21:46 PM EST
                 the way it works now - (daemon) - Nov. 30, 2004, 05:34:53 PM EST
         How about 5... - (jb4) - Nov. 30, 2004, 05:32:45 PM EST
         16) Storing them encrypted with a "reset my password" featur - (folkert) - Nov. 30, 2004, 06:38:09 PM EST
         A variation on 2) - (altmann) - Nov. 30, 2004, 07:36:03 PM EST
         3), with a question 1st. -NT - (broomberg) - Nov. 30, 2004, 08:03:43 PM EST
         3 with a proviso - (ChrisR) - (1) - Nov. 30, 2004, 08:23:21 PM EST
             I like that! -NT - (Arkadiy) - Dec. 1, 2004, 02:10:44 PM EST
         3. Puts the onus of keeping valid email address on user. -NT - (a6l6e6x) - Nov. 30, 2004, 09:08:12 PM EST
         3 -NT - (pwhysall) - Dec. 1, 2004, 07:52:52 AM EST
         6. - (static) - Dec. 5, 2004, 08:45:34 PM EST
         "zIWT meta: Which is better:" Voting/Ratification (new thread) - (folkert) - Dec. 5, 2004, 09:59:30 PM EST