Open Designs

    • CommentAuthor: castis
    • CommentTime: Mar 13th 2007
     
    I've been in the process of designing a registration and 'forgot password' page for a day now and I'm at the point where I'm creating a secret question for automated password reset.

    I've read several online pages, and most of them say that the secret question is outdated and useless and is often easier to bypass than the password itself (which I agree with).

    Do you all have any ideas as to what other methods I could be using to make this more secure?
  1.  
    The easiest way to do this, in my opinion, would be to have the forgot password function send an activation email to the user's registered address, with a confirm or deny password reset request. If they didn't request the new password, have a message telling them to ignore the email and report abuse. If they did request a password reset, then they click on a link which will reset their current password. Either way, it has to go through their email address, so they will know about it.
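
The email confirm/deny flow suggested in the reply above, as an added sketch that is not part of the original thread. The function names, the in-memory store, the one-hour lifetime and the `example.invalid` URLs are assumptions; a real site would use its database and mailer.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600   # assumed lifetime of a reset link, in seconds
_pending = {}      # sha256(token) -> {"email", "expires"}; stands in for a DB table
BASE_URL = "https://example.invalid/reset"   # placeholder site address


def _digest(token):
    # Store only a hash, so a leaked table does not yield usable reset links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    """Create a one-time token and the confirm/deny links to be emailed."""
    now = time.time() if now is None else now
    # A new request replaces any older pending request for the same address.
    for key in [k for k, v in _pending.items() if v["email"] == email]:
        del _pending[key]
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = {"email": email, "expires": now + TOKEN_TTL}
    return {
        "token": token,
        "confirm": f"{BASE_URL}/confirm?token={token}",
        "deny": f"{BASE_URL}/deny?token={token}",
    }


def confirm_reset(token, now=None):
    """Return the account email if the token is valid, else None.

    The token is removed on first use, so a replayed link fails.
    The caller then lets that user choose a new password.
    """
    now = time.time() if now is None else now
    record = _pending.pop(_digest(token), None)
    if record is None or now > record["expires"]:
        return None
    return record["email"]


def deny_reset(token):
    """Cancel the request ("I didn't ask for this"); True if it was pending."""
    return _pending.pop(_digest(token), None) is not None
```

The response to the "forgot password" form should read the same whether or not the address is registered, so the form cannot be used to test which addresses have accounts.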