From: Ian B. <ia...@co...> - 2001-12-09 18:37:11
|
On Sun, 2001-12-09 at 11:02, Chuck Esterbrook wrote: > On Thursday 22 November 2001 07:13 pm, Mike Orr wrote: > > For instance, the fallback challenge question is good for users who > > frequent the site and have some level of commitment to it. It's less > > good for occasional users who maybe aren't sure about the site, to > > whom one more personal question may be too many (like I was about > > Yahoo's birthdate question), or who aren't thrilled about memorizing > > yet another piece of information (who did I say my favorite sports > > hero is, and how did I spell it?) > > How secure is the so-called "challenge question" anyway? If you are only allowed to reset the password after answering the challenge question, at least a person will be able to detect the intrusion. That helps a little. Ian |