Marked as answer by Chen Yu - MSFT on Nov 19, 2012 05:22 AM
mrrogers
Member
202 Points
728 Posts
Secret Question for lost password??
Nov 16, 2012 12:07 PM
How do you guys handle a lost password on your site? I am thinking of switching from the secret question paradigm to one where we use their unique id plus the email we have on file for them to send them a link; they must then log into their email account, click on the link, then confirm. This applies two different layers of security. What do you think?
Dan Bracuk
Contributor
3970 Points
1096 Posts
Re: Secret Question for lost password??
Nov 16, 2012 12:22 PM
My home computer does not require a log in. Neither does Outlook. There is more than one user.
How does your plan cope with that scenario?
mrrogers
Member
202 Points
728 Posts
Re: Secret Question for lost password??
Nov 16, 2012 01:06 PM
If you don't even securitize YOUR computer then I am assuming securing your personal info is not an issue for you.
TechFriend
Participant
955 Points
182 Posts
Re: Secret Question for lost password??
Nov 17, 2012 07:31 AM
This clearly depends on your requirements and the type of your site.
The more complexity, the more issues for the end users.
As you asked, send a confirmation link to the user in the email. This link will have the userid in an encrypted URL; then ask him to enter his new password and email address on browsing the URL.
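
An added example, not code from any poster in this thread: one way to build the token for the emailed reset link discussed above. Instead of encrypting the user id it uses an HMAC-signed token that expires and stops verifying once the password changes; the key handling, the 30-minute lifetime, the function names and the `lookup_pw_hash` callback are assumptions.

```python
import base64, hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to users
TOKEN_TTL = 30 * 60                   # assumption: link lifetime of 30 minutes

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(uid_b64, expires, pw_hash):
    # Including the current password hash makes the link single-use:
    # once the password is changed, older tokens stop verifying.
    msg = f"{uid_b64}.{expires}.{pw_hash}".encode()
    return _b64(hmac.new(SERVER_KEY, msg, hashlib.sha256).digest())

def make_reset_token(user_id, pw_hash, now=None):
    """Build the token that goes into the emailed link's query string."""
    now = time.time() if now is None else now
    uid_b64, expires = _b64(user_id.encode()), int(now + TOKEN_TTL)
    return f"{uid_b64}.{expires}.{_mac(uid_b64, expires, pw_hash)}"

def verify_reset_token(token, lookup_pw_hash, now=None):
    """Return the user id for a valid token, or None. lookup_pw_hash is a
    hypothetical callback returning the stored hash for a user id (or None)."""
    now = time.time() if now is None else now
    try:
        uid_b64, expires_s, mac = token.split(".")
        user_id = base64.urlsafe_b64decode(uid_b64 + "=" * (-len(uid_b64) % 4)).decode()
        expires = int(expires_s)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed link
    pw_hash = lookup_pw_hash(user_id)
    if pw_hash is None:
        return None  # unknown user
    expected = _mac(uid_b64, expires, pw_hash)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # tampered, forged, or password already changed
    if now > expires:
        return None  # link too old
    return user_id

if __name__ == "__main__":
    users = {"42": "constructed-hash-A"}  # constructed sample store
    t = make_reset_token("42", users["42"])
    print(verify_reset_token(t, users.get))   # valid link
    users["42"] = "constructed-hash-B"        # user completes the reset
    print(verify_reset_token(t, users.get))   # same link is now rejected
```

The reset page would call `verify_reset_token` both when the link is opened and again when the new password is submitted.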