[WEB SECURITY] Password Recovery

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 16 13:58:40 EDT 2005

On Thursday, June 16, 2005, at 10:50  AM, prateek mishra wrote:

> I wonder if there are any good guidelines in this space. Has NIST 
> or any other group issued a set of "best practices" for password 
> management and recovery? 

"Best Practices", none that I have seen or read, but it would be great 
if there were. Especially if it was geared specifically for web 
application security.

>  I didn't find any specific documents at webappsec or owasp that spoke 
> to this problem.

Mark Burnett wrote the following column for OWASP
Using Secret Questions


The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list