Re: Remote password change/account unlock
From: Eugene Gershnik (gershnik@hotmail.com)
Date: 04/01/03
- Next message: Freeman Sun: "Win98 can't access the shared folder of Win2K Pro"
- Previous message: J: "recovering encrypted files without original certificate"
- In reply to: Matt DuBois [MS]: "Re: Remote password change/account unlock"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eugene Gershnik" <gershnik@hotmail.com> Date: Mon, 31 Mar 2003 19:57:58 -0800
While I certainly agree with most of this here is an idea for a secure
unlock feature. Before unlocking the account the service should require a
user to know his valid password. This will prevent hacker from using this
feature but will make users life easier.
Eugene
"Matt DuBois [MS]" <mdubois@online.microsoft.com> wrote in message
news:#i8LAk79CHA.2296@TK2MSFTNGP10.phx.gbl...
> Allowing users to change or reset their passwords or unlock their accounts
> from a web page is not a good idea for several reasons:
>
[snip]
> 3) Allowing unlocks is bad as well. What stops a malicious hacker from
> unlocking an account they are trying to crack when it gets locked out?
- Next message: Freeman Sun: "Win98 can't access the shared folder of Win2K Pro"
- Previous message: J: "recovering encrypted files without original certificate"
- In reply to: Matt DuBois [MS]: "Re: Remote password change/account unlock"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
