07-30-2005, 11:47 AM
Nathan
Confirmed User
Join Date: Jul 2003
Posts: 3,108
Chris...

hope you'll take a suggestion from me... (no bad blood and all)

Although V knows his stuff, his #3 idea is good but might cause more problems. I am sure he has his reasons, but I have yet to find a reason why a simple email system is a problem. Meaning:

Simply have them type in the username and the email they signed up with. If the info is correct, send a new password (or the old one if you do not store it encrypted) to their email address on file.

I understand the idea behind the secret question, but like V said, you have to make it COMPLICATED to make it secure. No wonder Paris's Sidekick account was hacked.

The only reason some places have a secret question setup is so that they do NOT have to send an email out on requests. They just let them enter the password again then.

As long as you do not display the password somewhere but email it to the account on file, I see no problem with this kind of stuff.

V, your input on my opinion would be appreciated.
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
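The email-based reset described in the post above, sketched as an added example (not part of the original post or of any site's code): the username and on-file email must both match, a new random password is mailed only to the stored address, and the page reply is the same whether or not the details matched. The account store, the `outbox` list standing in for a mail server, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

GENERIC_REPLY = "If those details match an account, a new password has been emailed."

def hash_password(password, salt):
    # Store only a salted, slow hash, so the old password cannot be mailed back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(email, password):
    salt = secrets.token_bytes(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}

def request_reset(username, email, accounts, outbox):
    """Handle a reset request; never shows the password in the reply."""
    account = accounts.get(username)
    on_file = account["email"].lower() if account else ""
    supplied = email.strip().lower()
    # Constant-time comparison of the supplied address with the one on file.
    matches = hmac.compare_digest(on_file.encode(), supplied.encode())
    if account is not None and matches:
        new_password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        account["salt"] = salt
        account["hash"] = hash_password(new_password, salt)
        # Mail goes to the stored address, never to the address typed in the form.
        outbox.append((account["email"], "Your new password: " + new_password))
    # Same reply for match, mismatch and unknown user: no account enumeration.
    return GENERIC_REPLY

def check_login(username, password, accounts):
    account = accounts.get(username)
    if account is None:
        return False
    candidate = hash_password(password, account["salt"])
    return hmac.compare_digest(account["hash"], candidate)

if __name__ == "__main__":
    # Constructed sample data.
    accounts = {"alice": make_account("alice@example.com", "old-password")}
    outbox = []
    print(request_reset("alice", "wrong@example.com", accounts, outbox), len(outbox))
    print(request_reset("alice", "alice@example.com", accounts, outbox), len(outbox))
```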