Suggestions for user password reset challenge questions?
From: Adrian DuPre (adrian.security_at_gmail.com)
Date: 05/27/05
- Previous message: Gross Barry D.: "RE: Mobile wireless users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 May 2005 10:53:32 -0500 To: security-basics@securityfocus.com
Hi all,
My company is in the middle of implementing an automated password
sync/reset application that supports user password recovery/reset by
answering predefined questions. (We define the questions, each user
provides their own answers to the questions before they can use the
feature)
What types of questions would work well for this application? Our
company has offices worldwide, and I prefer to avoid collecting
information that is "too personal" in nature. So while "what is your
favorite color?" would work well; "what is your home zip code?" and
"what is your bank account number?" would probably not work.
Thanks in advance for your suggestions!
-Adrian
- Previous message: Gross Barry D.: "RE: Mobile wireless users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
