Password reset / retrieval Best Practices?

9 Feb 2009 - 1:55pm
SusieComet
2006

Hi all,
Can anyone point me to a resource on best practices for password
reset/retrieval? Does anyone have any good information to share?
Thanks!

Susan Patrick
User Interface Designer III
The Midland Company


Comments

9 Feb 2009 - 2:21pm
jet
2008

I'd be interested in seeing that as well.

However, (putting on my security hat) do not store passwords in any form
that can be retrieved and displayed to the user. Store them in some
sort of one-way encryption or hash and require the user to reset the
password if they've forgotten it. It's easy to do and probably
supported by every login mechanism out there.

Signed,

Was once on the wrong side of "...they cracked our system and stole all
the user logins and passwords".

SPatrick at amig.com wrote:
> Hi all,
> Can anyone point me to a resource on best practices for password
> reset/retrieval? Does anyone have any good information to share?
> Thanks!
>
> Susan Patrick
> User Interface Designer III
> The Midland Company
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>

--
J. Eric "jet" Townsend, CMU Master of Tangible Interaction Design '09

design: www.allartburns.org; hacking: www.flatline.net; HF: KG6ZVQ
PGP: 0xD0D8C2E8 AC9B 0A23 C61A 1B4A 27C5 F799 A681 3C11 D0D8 C2E8
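
The advice in the reply above (keep only a one-way hash, and reset rather than retrieve), sketched as an added example that is not part of the original thread. The in-memory `users` store, the function names, the PBKDF2 iteration count and the token lifetime are assumptions for illustration.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000      # assumed PBKDF2 work factor; tune for your hardware
RESET_TTL = 15 * 60       # assumed token lifetime in seconds
users = {}                # hypothetical in-memory store: name -> record

def _kdf(password, salt):
    # One-way, salted, deliberately slow: the stored value cannot be displayed back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _digest(token):
    return hashlib.sha256(token.encode()).digest()

def set_password(name, password):
    salt = secrets.token_bytes(16)
    users[name] = {"salt": salt, "pw_hash": _kdf(password, salt), "reset": None}

def verify_password(name, password):
    rec = users.get(name)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw_hash"], _kdf(password, rec["salt"]))

def start_reset(name, now=None):
    """Issue a one-time token to send to the address on file; None if unknown."""
    rec = users.get(name)
    if rec is None:
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    # Only the token's hash is stored, so a database leak yields no usable tokens.
    rec["reset"] = (_digest(token), now + RESET_TTL)
    return token

def finish_reset(name, token, new_password, now=None):
    rec = users.get(name)
    if rec is None or rec["reset"] is None:
        return False
    token_hash, expires = rec["reset"]
    now = time.time() if now is None else now
    if now > expires or not hmac.compare_digest(token_hash, _digest(token)):
        return False
    set_password(name, new_password)   # new salt and hash; also clears the token
    return True
```

The user-facing flow should answer a reset request the same way whether or not the account exists; `start_reset` returning `None` is for the server's use only.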
