zIWT meta: Which is better:
- (admin)
- (66)
- Nov. 30, 2004, 09:02:55 PM EST
3)
-NT
- (mmoffitt)
- Nov. 30, 2004, 02:43:44 PM EST
1)
- (jb4)
- (3)
- Nov. 30, 2004, 02:50:26 PM EST
Not for long, at least...
-NT
- (admin)
- (2)
- Nov. 30, 2004, 02:51:30 PM EST
Is that a threat?!?
-NT
- (jb4)
- (1)
- Nov. 30, 2004, 05:27:37 PM EST
You should know by now...
- (admin)
- Nov. 30, 2004, 05:31:06 PM EST
3, with verification
- (Arkadiy)
- (29)
- Nov. 30, 2004, 02:52:40 PM EST
Seconded.
-NT
- (Yendor)
- Nov. 30, 2004, 02:54:26 PM EST
NO
- (FuManChu)
- (27)
- Nov. 30, 2004, 02:57:04 PM EST
Er, buh?
- (admin)
- (3)
- Nov. 30, 2004, 02:58:41 PM EST
That's enough of a detriment not to warrant the risk IMO
-NT
- (FuManChu)
- (2)
- Nov. 30, 2004, 04:13:16 PM EST
?
-NT
- (admin)
- (1)
- Nov. 30, 2004, 04:16:38 PM EST
??
-NT
- (drewk)
- Nov. 30, 2004, 05:46:20 PM EST
Yeah
- (Yendor)
- (11)
- Nov. 30, 2004, 03:01:36 PM EST
How is that insecure?
- (FuManChu)
- (2)
- Nov. 30, 2004, 04:17:29 PM EST
You're unclear on this.
- (admin)
- (1)
- Nov. 30, 2004, 04:18:26 PM EST
See below.
-NT
- (FuManChu)
- Nov. 30, 2004, 04:22:21 PM EST
You only need one field labeled "Hint"
- (tuberculosis)
- (7)
- Aug. 21, 2007, 06:13:52 AM EDT
Sure...
- (Yendor)
- (6)
- Dec. 1, 2004, 02:06:55 PM EST
Bah.
- (admin)
- Dec. 1, 2004, 02:10:59 PM EST
Not quite
- (FuManChu)
- (4)
- Dec. 1, 2004, 04:35:59 PM EST
And my point is...
- (Yendor)
- (3)
- Dec. 1, 2004, 08:03:26 PM EST
I have a standard formula I use for passwords.
- (folkert)
- (2)
- Dec. 1, 2004, 10:20:06 PM EST
I also have a standard formula
- (daemon)
- (1)
- Dec. 1, 2004, 10:40:44 PM EST
Ding, Ding, Ding.
- (folkert)
- Dec. 1, 2004, 11:06:54 PM EST
It's only insecure if the user is allowed to proceed
- (imric)
- (10)
- Nov. 30, 2004, 03:13:54 PM EST
Bah. Risk is the issue.
- (FuManChu)
- (9)
- Nov. 30, 2004, 04:22:03 PM EST
So what's YOUR suggestion?
-NT
- (admin)
- (4)
- Nov. 30, 2004, 04:23:51 PM EST
Unfortunately for you #1 ;)
- (FuManChu)
- (3)
- Nov. 30, 2004, 04:39:05 PM EST
WTF?
- (admin)
- (2)
- Nov. 30, 2004, 04:41:00 PM EST
Sorry. You're right. I didn't read carefully.
- (FuManChu)
- (1)
- Nov. 30, 2004, 04:44:04 PM EST
So how does that change your answer?
- (admin)
- Nov. 30, 2004, 04:48:36 PM EST
Same risk than we have now during login.
- (imric)
- (2)
- Nov. 30, 2004, 04:30:48 PM EST
Same outcome, different risk--the attack surface has doubled
-NT
- (FuManChu)
- Nov. 30, 2004, 04:37:17 PM EST
Not mine.
- (CRConrad)
- Dec. 1, 2004, 02:33:03 AM EST
Can we please weight the risks
- (Arkadiy)
- Dec. 1, 2004, 02:04:43 PM EST
3) with some safeguards?
- (Another Scott)
- Nov. 30, 2004, 02:55:35 PM EST
4) WikiWay: everything wide open ... muuuaaaahahahahahaha
-NT
- (drewk)
- (1)
- Nov. 30, 2004, 03:29:24 PM EST
Shaddap wid' yer shaddin' ap...
-NT
- (admin)
- Nov. 30, 2004, 03:30:31 PM EST
3 with a "what is your dog's name?" thingie
-NT
- (Silverlock)
- Nov. 30, 2004, 03:44:54 PM EST
I'll join Ark, Scott(2), Don(Silverback), and YendorMike: 3+
- (CRConrad)
- (2)
- Nov. 30, 2004, 04:07:55 PM EST
<raises hand> on that last bit. :-)
-NT
- (Another Scott)
- Nov. 30, 2004, 04:12:16 PM EST
Aye - 3) with
- (imric)
- Nov. 30, 2004, 04:24:18 PM EST
Another few options:
- (admin)
- (9)
- Nov. 30, 2004, 04:50:29 PM EST
I'd rather not vote on solutions until we discuss risks
- (FuManChu)
- (8)
- Nov. 30, 2004, 05:43:54 PM EST
Re: I'd rather not vote on solutions until we discuss risks
- (admin)
- (7)
- Nov. 30, 2004, 05:53:17 PM EST
Okay, start with costs of current proposals
- (FuManChu)
- (3)
- Nov. 30, 2004, 07:39:31 PM EST
Missed the point. :-)
- (admin)
- (2)
- Nov. 30, 2004, 08:53:54 PM EST
Understood, but you're use case #1
- (FuManChu)
- (1)
- Nov. 30, 2004, 10:29:59 PM EST
I can do private keys...
- (folkert)
- Nov. 30, 2004, 10:40:15 PM EST
What do you want the software to do?
- (Another Scott)
- (2)
- Nov. 30, 2004, 09:10:22 PM EST
Nope, wrong
- (drewk)
- (1)
- Nov. 30, 2004, 09:35:34 PM EST
Yes, a *good* challenge question would be needed.
- (Another Scott)
- Nov. 30, 2004, 11:26:03 PM EST
how about 4, the way we do it now
- (daemon)
- (3)
- Nov. 30, 2004, 05:18:15 PM EST
Which is?
- (Another Scott)
- Nov. 30, 2004, 05:21:17 PM EST
And what would that be?
- (admin)
- (1)
- Nov. 30, 2004, 05:21:46 PM EST
the way it works now
- (daemon)
- Nov. 30, 2004, 05:34:53 PM EST
How about 5...
- (jb4)
- Nov. 30, 2004, 05:32:45 PM EST
16) Storing them encrypted with a "reset my password" featur
- (folkert)
- Nov. 30, 2004, 06:38:09 PM EST
A variation on 2)
- (altmann)
- Nov. 30, 2004, 07:36:03 PM EST
3), with a question 1st.
-NT
- (broomberg)
- Nov. 30, 2004, 08:03:43 PM EST
3 with a proviso
- (ChrisR)
- (1)
- Nov. 30, 2004, 08:23:21 PM EST
I like that!
-NT
- (Arkadiy)
- Dec. 1, 2004, 02:10:44 PM EST
3. Puts the onus of keeping valid email address on user.
-NT
- (a6l6e6x)
- Nov. 30, 2004, 09:08:12 PM EST
3
-NT
- (pwhysall)
- Dec. 1, 2004, 07:52:52 AM EST
6.
- (static)
- Dec. 5, 2004, 08:45:34 PM EST
"zIWT meta: Which is better:" Voting/Ratification (new thread)
- (folkert)
- Dec. 5, 2004, 09:59:30 PM EST
