Security Basics mailing list archives
Suggestions for user password reset challenge questions?
From: Adrian DuPre <adrian.security () gmail com>
Date: Fri, 27 May 2005 10:53:32 -0500
Hi all, My company is in the middle of implementing an automated password sync/reset application that supports user password recovery/reset by answering predefined questions. (We define the questions, each user provides their own answers to the questions before they can use the feature) What types of questions would work well for this application? Our company has offices worldwide, and I prefer to avoid collecting information that is "too personal" in nature. So while "what is your favorite color?" would work well; "what is your home zip code?" and "what is your bank account number?" would probably not work. Thanks in advance for your suggestions! -Adrian
Current thread:
- Suggestions for user password reset challenge questions? Adrian DuPre (May 30)