Security Basics mailing list archives
Re: How secure is Email based password reset?
From: Martchukov Anton <vhlist () yandex ru>
Date: Thu, 8 May 2003 22:52:51 +0400
Wednesday, May 7, 2003, 6:18:56 PM, you wrote:

SJ> One of the ways to implement the password reset is to
SJ> 1. Ask the personal question
SJ> 2. if correctly answered, generates a unique temporary password
SJ> 3. Send the password over email to user.
SJ> 4. This would allow user to login once.

You'd better force the user to change the password manually after answering instead of transferring a plain text password. If it's necessary to validate the user's e-mail, you may generate a random page URL and send it to the user. When the user goes there, he will be able to change the password, after the right answer of course. Maybe it's more secure?

--
Best regards,
Martchukov Anton aka vh
mailto:vhlist () yandex ru
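The random-URL reset flow suggested in the message above, as an added example that is not part of the original post. The names `ResetLinks`, `check_answer`, `ANSWERS` and `TOKEN_TTL` are hypothetical, and the 15-minute lifetime, hash-only storage and burn-on-any-attempt behaviour are assumptions that go beyond what the message specifies.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a value from the thread

# Constructed sample data: user -> SHA-256 of the normalised secret answer.
# A real system would use a slow salted hash; plain SHA-256 keeps this short.
ANSWERS = {"alice": hashlib.sha256(b"rex").hexdigest()}


def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def check_answer(user, answer):
    """Constant-time comparison of the supplied answer with the stored hash."""
    stored = ANSWERS.get(user, "")
    return hmac.compare_digest(stored, _digest(answer.strip().lower()))


class ResetLinks:
    """In-memory stand-in for a table of pending reset links."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user, expiry time)

    def issue(self, user, now=None):
        """Create the random URL component to e-mail; store only its hash."""
        now = time.time() if now is None else now
        # Keep one outstanding link per user by dropping any older one.
        self._pending = {k: v for k, v in self._pending.items() if v[0] != user}
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._pending[_digest(token)] = (user, now + TOKEN_TTL)
        return token

    def redeem(self, token, answer, now=None):
        """Return the user who may now set a new password, else None."""
        now = time.time() if now is None else now
        # pop() makes the link single-use: any attempt, right or wrong, burns it.
        entry = self._pending.pop(_digest(token), None)
        if entry is None or now > entry[1]:
            return None
        user = entry[0]
        return user if check_answer(user, answer) else None
```

Because only the hash of the token is stored, a leaked copy of the pending-links table does not yield usable reset URLs, and no password ever travels through the mailbox.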