Quote:
Originally Posted by Nathan
Chris...
hope you'll take a suggestion from me... (no bad blood and all)
Although V knows his stuff, his #3 idea is good but might cause more problems... I am sure he has his reasons, but I have yet to find a reason why a simple email system is a problem. Meaning:
Simply have them type in the username and the email they signed up with. If the info is correct, send a new password (or the old one if you do not store it encrypted) to their email address on file.
I understand the idea behind the secret question, but like V said, you have to make it COMPLICATED to make it secure. No wonder Paris's Sidekick account was hacked.
The only reason some places have a secret question setup is so that they do NOT have to send an email out on requests. They just let them enter the password again then.
As long as you do not display the password somewhere but email it to the account on file, I see no problem with this kind of stuff.
V, your input on my opinion would be appreciated.
No bad blood at all, and your input is appreciated. Your solution is essentially what I am doing now, so that makes me feel like I'm going in the right direction so far.
I'm just blown away that this has happened 2 times in one week!