You-Read-It-Here-First Forum Index You-Read-It-Here-First
A collection of textual novelties
 

The Reset Is The Login

 
jabailo



Joined: 20 Mar 2006
Posts: 1273
Location: Kent (East Hill), WA

Posted: Sun Aug 17, 2008 9:36 am    Post subject: The Reset Is The Login

In "The First One Is Free", Brian Hansen discusses workarounds for password "hint" questions.

http://you-read-it-here-first.com/viewtopic.php?t=1081&sid=0f1e4f58133761503008e419f10b0ac7

It brought to mind a discussion I was having with a colleague about a NYT article suggesting alternatives to the standard username/password authentication scheme that is most used.

http://www.nytimes.com/2008/08/10/technology/10digi.html?em

I always found the password "hint" strange since it immediately puts non-randomness into the supposedly random selection of passwords. For example, I can create any password I want, but if I forget it, it asks me my mother's maiden name. Well, at that point, my password might as well be my mother's maiden name because that's all the information that is needed to get into my account.

Now typically, but not always, these password hints end up with either a password being mailed to you or a reset link with a one time use key, but sometimes they result in being thrown into a password reset screen! So, all one has to do is go to the many genealogy sites, look up a mother's maiden name and then crack the site access.

Given that we "reset" passwords using email with special links, I have often wondered if the reset process should actually be the procedure. Example: I assume I don't have a password. If I want to access a site, I enter my username. The site sends me an email, I click on it and it lets me enter the site -- but I can only use that link once.

Now, of course, this may be a bit cumbersome if I have to use both a browser and an email client, but one can imagine some small piece of software that can send the username and then get back via email a "token" that allows the login.
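
The login-by-link flow described in the post above, as an added Python sketch that is not part of the original post: the server side of "enter username, receive a link, use it once". The class name, the in-memory store and the 10-minute expiry are assumptions; the post specifies only that the link works a single time.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumption: the post does not mention an expiry


class OneTimeLoginLinks:
    """In-memory stand-in for a site's token table (constructed for this example)."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (username, expires_at)
        self._clock = clock

    def request_login(self, username):
        """Step 1: the user submits only a username; returns the token to e-mail."""
        # Drop earlier unused links so only the newest e-mail works.
        self._pending = {h: v for h, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the hash: a leaked table cannot be replayed as links.
        self._pending[digest] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Step 2: the user clicks the link; returns the username or None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() deletes the entry before any other check, so a second click
        # (or a replay from mail logs or browser history) finds nothing.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() > expires_at:
            return None
        return username


if __name__ == "__main__":
    links = OneTimeLoginLinks()
    token = links.request_login("alice")  # constructed sample username
    print("first click :", links.redeem(token))
    print("second click:", links.redeem(token))
```

With this design the mailbox is the only credential, so the account is exactly as well protected as the e-mail account that receives the link.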