This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Talk:Forgot Password Cheat Sheet"

From OWASP
(Logging: new section)
Line 1: Line 1:
Needs revision based on [http://cups.cs.cmu.edu/soups/2009/proceedings/a8-just.pdf Personal Choice and Challenge Questions: A Security and
+
== Logging ==
Usability Assessment]
 
  
[http://cups.cs.cmu.edu/soups/2009/proceedings/a9-schechter.pdf 1+1=You]
+
I'm surprised to see that logging isn't a consideration in password reset functionality. Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.
  
== Logging ==
+
== More on Logging ==
 +
 
 +
I think adding logging info like you described is a good idea. Go ahead and add it in!
  
I'm surprised to see that logging isn't a consideration in password reset functionality.  Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.
+
- Jim Manico Sept 2, 2015

Revision as of 21:21, 2 September 2015

Logging

I'm surprised to see that logging isn't a consideration in password reset functionality. Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.

More on Logging

I think adding logging info like you described is a good idea. Go ahead and add it in!

- Jim Manico Sept 2, 2015
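
An added example, not part of the original discussion or of the cheat sheet: one way to record the reset events described above (attempt, success or failure, IP address and session details) as structured audit lines. The logger name, field names and outcome labels are assumptions made for illustration, and the sample values in the usage comment are constructed.

```python
import json
import logging
from datetime import datetime, timezone

# Hypothetical logger name; route it to the audit sink your application uses.
logger = logging.getLogger("password_reset_audit")

# Assumed outcome labels: a reset was attempted, then it succeeded or failed.
OUTCOMES = {"requested", "succeeded", "failed"}


def clean_field(value, limit=256):
    """Truncate and replace control characters so user input cannot forge log lines."""
    text = str(value)[:limit]
    return "".join(ch if ch.isprintable() else "?" for ch in text)


def build_reset_event(outcome, account, ip_address, reset_session, reason=None, now=None):
    """Return one password reset audit record as a single-line JSON string.

    reset_session is an opaque identifier for the reset flow. The reset token,
    security answers and passwords are never passed in or logged.
    """
    if outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome: {outcome!r}")
    record = {
        "event": "password_reset",
        "outcome": outcome,
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "account": clean_field(account),
        "ip_address": clean_field(ip_address, 45),  # longest textual IPv6 form
        "reset_session": clean_field(reset_session, 64),
    }
    if reason is not None:
        record["reason"] = clean_field(reason)
    return json.dumps(record, sort_keys=True)


def log_reset_event(outcome, account, ip_address, reset_session, reason=None, now=None):
    """Emit the record; failures are logged at WARNING so they stand out in review."""
    line = build_reset_event(outcome, account, ip_address, reset_session, reason, now)
    logger.log(logging.WARNING if outcome == "failed" else logging.INFO, line)
    return line


# Constructed usage: log_reset_event("failed", "alice", "203.0.113.7", "s-1", "wrong answer")
```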