[Tfug] Authentication procedures

Glen Pfeiffer glen at thepfeiffers.net
Tue Mar 17 15:44:31 MST 2009


On Tue Mar 17, 2009 at 11:47:31AM -0700, Bexley Hall wrote:
> Comments?

Here's my preferred scheme, but I don't use it for email systems 
like Gmail, so it has obvious flaws in that application:

I use a Secret Question & Answer, with better questions than 
"What's your birthday?". Granted, if someone knows enough about 
you, they may still be able to answer it. But that's not the end 
of it.

Once you answer correctly, a temporary password is sent to your 
email account. When you log in with it, you are of course 
required to change it.

This provides two layers of security, in that someone attempting 
to access your account would have to be able to answer your 
security question AND have access to your email account. 
Obviously it's not fool proof, but then again nothing is. 
However, it does seem to address the needs of the clients I work 
with.

But like I said, that wouldn't work very well for a system like 
Gmail, Yahoo Mail, etc.

-- 
Glen 

"I am the way and the truth and the life. No one comes to the 
Father except through me."  [John 14:6]





More information about the tfug mailing list