[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cpx] Wishlist: forgotten password

Subject: Re: [cpx] Wishlist: forgotten password
From: Scott Wiersdorf <scott@xxxxxxxxxxxx>
Date: Fri, 22 Apr 2005 17:06:57 -0600

On Fri, Apr 22, 2005 at 03:14:56PM -0500, Rae French wrote:
> At this point, there isn't anyway for the user to access their account 
> without our intervention if they forgot their password.

That's correct. The domain admin can intervene, if you have that kind
of a hierarchy.

> Then how about a script-generated one that would overwrite the existing 
> one? 

I still don't see how the end user could receive the new password
securely. I can't be mailed to their CPX account (since they need the
password to login). I'm open to any other ideas you might have on
this. You can do the "what is the name of your pet?" style of
authentication, but that's essentially another (much, much, weaker)
form of authentication and has to be stored also somewhere on the
server.

Scott
-- 
Scott Wiersdorf
<scott@xxxxxxxxxxxx>
======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: [cpx] Wishlist: forgotten password
  - From: Rae French

References:
- [cpx] Wishlist: forgotten password
  - From: Rae French
- Re: [cpx] Wishlist: forgotten password
  - From: Scott Wiersdorf
- Re: [cpx] Wishlist: forgotten password
  - From: Rae French

Prev by Date: Re: [cpx] File Management?
Next by Date: Re: [cpx] File Management?
Previous by thread: Re: [cpx] Wishlist: forgotten password and more
Next by thread: Re: [cpx] Wishlist: forgotten password
Index(es):
- Date
- Thread

Home | Main Index | Thread Index