by jameskpolk 6241 days ago
If the site allows the user to choose their own security question, the user will find a way to render it useless. They will either input something far more trivial, or they will input something they then forget.

Personally, I don't think businesses should implement half-baked security features -- and password request forms are as half-baked as it gets.

The best solution would be for important sites (my bank, my stockbroker, ...) to make me come into their office with documentation if I forget my password.

The problem, unfortunately, gets more difficult for "unimportant" sites... frankly, short of relying on a centralized ID provider that can ensure identity in person, there isn't a good answer.

1 comment

The problem, unfortunately, gets more difficult for "unimportant" sites... frankly, short of relying on a centralized ID provider that can ensure identity in person, there isn't a good answer.

I hear there's this thing called "OpenID".