[WEB SECURITY] Password Recovery

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 16 13:58:40 EDT 2005


On Thursday, June 16, 2005, at 10:50 AM, prateek mishra wrote:

> I wonder if there are any good guidelines in this space. Has NIST 
> or any other group issued a set of "best practices" for password 
> management and recovery? 

"Best Practices", none that I have seen or read, but it would be great 
if there were. Especially if it was geared specifically for web 
application security.

>  I didn't find any specific documents at webappsec or owasp that spoke 
> to this problem.

Mark Burnett wrote the following column for OWASP:
Using Secret Questions
http://www.owasp.org/columns/mburnett/questions.html



Jeremiah-

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


