Difference between revisions of "Talk:Forgot Password Cheat Sheet"
Previous revision: Daniel Black (talk | contribs) (reference papers on challenge questions)
This revision: (→Logging: new section)

Line 3 (unchanged in both revisions): [http://cups.cs.cmu.edu/soups/2009/proceedings/a9-schechter.pdf 1+1=You]
Added in this revision: a new "Logging" section (its text appears in the rendered revision below).
Revision as of 19:02, 2 September 2015
Needs revision based on [http://cups.cs.cmu.edu/soups/2009/proceedings/a8-just.pdf Personal Choice and Challenge Questions: A Security and Usability Assessment]
Logging
I'm surprised to see that logging isn't a consideration in password reset functionality. Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.
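The logging the comment asks for, as an added example that is not part of the talk page or the cheat sheet: a helper that writes one structured audit line per reset-flow step (request, token use, outcome, client IP) without recording the raw reset token, plus a review query over constructed sample lines. The function names (`reset_event`, `failed_resets_by_ip`), field names and the sample accounts, IPs and tokens are all assumptions.

```python
import hashlib
import json
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional

# Hypothetical audit helper for a password-reset flow (example code, not the
# cheat sheet's). The raw reset token is never written to the log; a short
# hash lets an analyst correlate log lines with the stored token record.

def token_ref(token: str) -> str:
    """Non-reversible reference to a reset token, safe to log."""
    return hashlib.sha256(token.encode()).hexdigest()[:16]

def reset_event(event: str, account: str, client_ip: str, outcome: str,
                token: Optional[str] = None, reason: Optional[str] = None) -> str:
    """Build one JSON audit line for a step of the reset flow."""
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "event": event,          # reset_requested | reset_token_used
        "account": account,      # "-" when the submitted token matched nothing
        "client_ip": client_ip,
        "outcome": outcome,      # success | failure
    }
    if token is not None:
        entry["token_ref"] = token_ref(token)   # hash only, never the token
    if reason:
        entry["reason"] = reason
    return json.dumps(entry, sort_keys=True)

def failed_resets_by_ip(lines: Iterable[str], threshold: int = 3) -> Dict[str, int]:
    """Review query: client IPs with at least `threshold` failed token uses."""
    counts: Counter = Counter()
    for line in lines:
        e = json.loads(line)
        if e["event"] == "reset_token_used" and e["outcome"] == "failure":
            counts[e["client_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log: one legitimate reset and three failed token uses
# from a single source address (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    reset_event("reset_requested", "alice", "203.0.113.7", "success", token="tok-A1"),
    reset_event("reset_token_used", "alice", "203.0.113.7", "success", token="tok-A1"),
    reset_event("reset_token_used", "-", "198.51.100.9", "failure", token="tok-x1", reason="unknown token"),
    reset_event("reset_token_used", "-", "198.51.100.9", "failure", token="tok-x2", reason="unknown token"),
    reset_event("reset_token_used", "-", "198.51.100.9", "failure", token="tok-x3", reason="expired token"),
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line)
    print("review:", failed_resets_by_ip(SAMPLE_LOG))
```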