[Tfug] Authentication procedures
Glen Pfeiffer
glen at thepfeiffers.net
Tue Mar 17 15:44:31 MST 2009
On Tue Mar 17, 2009 at 11:47:31AM -0700, Bexley Hall wrote:
> Comments?
Here's my preferred scheme, but I don't use it for email systems
like Gmail, so it has obvious flaws in that application:
I use a Secret Question & Answer, with better questions than
"What's your birthday?". Granted, if someone knows enough about
you, they may still be able to answer it. But that's not the end
of it.
Once you answer correctly, a temporary password is sent to your
email account. When you log in with it, you are of course
required to change it.
This provides two layers of security, in that someone attempting
to access your account would have to be able to answer your
security question AND have access to your email account.
Obviously it's not fool proof, but then again nothing is.
However, it does seem to address the needs of the clients I work
with.
But like I said, that wouldn't work very well for a system like
Gmail, Yahoo Mail, etc.
--
Glen
"I am the way and the truth and the life. No one comes to the
Father except through me." [John 14:6]
More information about the tfug
mailing list