[WEB SECURITY] Password Recovery

Rich Salz rsalz at datapower.com
Wed Jun 15 22:13:01 EDT 2005

> Just thinking out loud, what if the user had to provide their username and
> answered their secret question - and only then would the password be emailed
> to the email address that matches the account?

Isn't this standard practice?  "We mailed a password to the email address
on file."

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list