Quote:
Originally Posted by Ron Bennett
All that complicated password stuff is mostly useless for sites that have a password recovery feature that utilizes "security questions" - i.e. what was your first school? what is your favorite mascot? what is your mother's middle name? etc ...
One's password security is only as good as the weakest link - I find it comical how many sites enforce all sorts of complicated, strict password restrictions and then allow simple one-word responses to the security recovery questions that can be easily found / guessed.
Thanks for your input, Ron. In theory you're right for general sites; however, in the context of this thread and Paxum, you are incorrect.
The security questions used by Paxum for password security do not work in the way you describe. Providing the correct security question answer does not immediately provide a new password; a correct security question answer simply authorizes an email notification to be issued that contains a unique code that must be retrieved from the sent email and used to change the password.
Clients who have a complicated password for Paxum and also have a complicated password for their email are at a much lower risk of being abused by hackers.
If you have never tried to change your Paxum account password, I'd like to suggest you give it a try and see the full procedure before judging our security system as pointless.
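
The two-step recovery described in the reply above, as an added sketch that is not Paxum's code and not part of the original post: a correct security answer only causes a code to be emailed, and the password changes only when that code is presented. The class and method names, the 15-minute lifetime, single use and the hashing choices are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 900                   # assumed 15-minute lifetime; the post states none
_SALT = secrets.token_bytes(16)  # demo only: one salt per process, not per user


def _h(value: str) -> bytes:
    # Slow hash so stored answers, passwords and codes are never kept in clear.
    return hashlib.pbkdf2_hmac("sha256", value.encode(), _SALT, 100_000)


class Recovery:
    def __init__(self, send_email):
        self.send_email = send_email  # callable(address, code), hypothetical mailer
        self.users = {}               # name -> dict(email, answer, password)
        self.pending = {}             # name -> (code hash, expiry time)

    def add_user(self, name, email, answer, password):
        self.users[name] = {"email": email, "answer": _h(answer.strip().lower()),
                            "password": _h(password)}

    def request_reset(self, name, answer):
        """Step 1: a correct answer only triggers an email; no secret is returned."""
        user = self.users.get(name)
        if user and hmac.compare_digest(user["answer"], _h(answer.strip().lower())):
            code = secrets.token_urlsafe(16)
            self.pending[name] = (_h(code), time.time() + CODE_TTL)
            self.send_email(user["email"], code)
        # Same reply either way, so the form does not confirm a guessed answer.
        return "If the details match, a code has been emailed."

    def change_password(self, name, code, new_password):
        """Step 2: the code read from the mailbox is required to set a password."""
        code_hash, expires = self.pending.get(name, (b"", 0.0))
        if time.time() > expires or not hmac.compare_digest(code_hash, _h(code)):
            return False
        del self.pending[name]        # single use
        self.users[name]["password"] = _h(new_password)
        return True
```

In this sketch a guessed security answer on its own changes nothing, so the account's exposure reduces to the strength of the mailbox password, which is the point the reply makes.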