[LINK] Automated processing of lost passwords
Lea de Groot
lealink at viking.org.au
Mon Feb 12 15:40:56 AEDT 2007
On Mon, 12 Feb 2007 14:59:30 +1100, David Lochrin wrote:
> Many websites with a restricted-access area include an automated
> process for handling forgotten passwords. Usually the user emails to
> a "forgotten password" address ("forgot your password" - sic) and the
> system emails back the current (or an updated) password.
I've never seen this.
I have only seen sites where you give *the site* your account details
and it pulls the verified email address out of the database and sends
the password reminder to that address.
Thus only the person who is authorised for the account can get the
message (assuming their email account is secure - but that isn't the
website's problem)
Never seen a site that says 'email me a password request'
Email is extremely fakeable (is that a word?) and the protocols for
verification are not widely supported.
Lea
--
Lea de Groot
in Brisbane where the rain is... wow! torrential!