[WEB SECURITY] Password Recovery

Rich Salz rsalz at datapower.com
Wed Jun 15 22:13:01 EDT 2005


> Just thinking out loud, what if the user had to provide their username and
> answer their secret question - and only then would the password be emailed
> to the email address that matches the account?

Isn't this standard practice?  "We mailed a password to the email address
on file."

	/r$
-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


