PerlMonks  

Re^3: Requiring old password in order to change your password

by Xilman (Hermit)
on Jan 02, 2011 at 22:03 UTC (id://880096)


in reply to Re^2: Requiring old password in order to change your password
in thread Requiring old password in order to change your password

I wasn't planning on implementing the annoying multiple "What was the mascot of the first car where your favorite pet's maiden name's favorite sport first met their favorite superhero?" questions.

I wasn't suggesting you should. My suggestion is that you keep two other items on file: a string chosen by the user which is displayed on the account recovery page and another string which is compared against what the user enters after the first string is displayed. The first string would most likely be a question but need not be. If I want my question to be "What is your mother's maiden name?" then it's my choice to have a response which is probably easily guessable. If my first statement is "The universe is" and the expected response is "purely 42itous" then, again, it's my choice to have something which I may be unlikely to remember five years later. It makes no difference to you whether either or both strings are meaningful and/or relevant; all you have to do is display one and check the other.

I hope this clarifies my proposal.

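The two-string scheme described in the post above, as an added Python example that is not part of the original post or thread: the prompt is stored and displayed verbatim, and the entered response is checked against a stored value. The function names, the in-memory store, the salted PBKDF2 hashing of the response, the input normalization and the "Smith" response are assumptions, not details from the post.

```python
import hashlib
import hmac
import secrets
import unicodedata
from typing import Optional

ACCOUNTS = {}          # hypothetical in-memory store standing in for the user table
ITERATIONS = 600_000   # illustrative PBKDF2 work factor (assumption)

def _normalize(response: str) -> bytes:
    # Assumption: fold Unicode form, case and runs of whitespace so a response
    # typed years later still matches. Remove this for exact matching.
    folded = unicodedata.normalize("NFKC", response).casefold()
    return " ".join(folded.split()).encode("utf-8")

def _digest(response: str, salt: bytes) -> bytes:
    # The response is a password equivalent, so it is hashed like one.
    return hashlib.pbkdf2_hmac("sha256", _normalize(response), salt, ITERATIONS)

def enroll(user: str, prompt: str, response: str) -> None:
    """Keep the user's chosen prompt verbatim and only a salted hash of the response."""
    if not prompt.strip() or not _normalize(response):
        raise ValueError("prompt and response must both be non-empty")
    salt = secrets.token_bytes(16)
    ACCOUNTS[user] = {"prompt": prompt, "salt": salt, "hash": _digest(response, salt)}

def recovery_prompt(user: str) -> Optional[str]:
    """First string: displayed as-is; whether it is a question is the user's choice."""
    record = ACCOUNTS.get(user)
    return record["prompt"] if record else None

def check_response(user: str, entered: str) -> bool:
    """Second string: compared, in constant time, against what the user enters."""
    record = ACCOUNTS.get(user)
    if record is None:
        return False
    return hmac.compare_digest(_digest(entered, record["salt"]), record["hash"])

# Constructed sample data: both prompts and the second response come from the
# post; the response "Smith" is made up for the example.
enroll("alice", "What is your mother's maiden name?", "Smith")
enroll("bob", "The universe is", "purely 42itous")
```
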