This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

Difference between revisions of "User talk:Douglasheld"

From OWASP
(Created page with "From Jim: I brought the HTTP Response splitting page back. I am fully deleting the CLASP and other old projects from the wiki - so I removed those categories form the page whe...")
 
(Comments left on "Choosing and Using Security Questions Cheat Sheet": new section)

Latest revision as of 14:11, 3 September 2018

From Jim: I brought the HTTP Response splitting page back. I am fully deleting the CLASP and other old projects from the wiki - so I removed those categories from the page when I brought it back.

If you see anything else that I deleted (and I deleted a lot) that needs to be brought back, let me know via [email protected].

Comments left on "Choosing and Using Security Questions Cheat Sheet"

Douglas,

Regarding your comment. For the most part, but unfortunately I don't see this changing anytime soon. It is likely to be around as long as passwords are still used, since some people will forget their passwords. And since by some accounts a call to the help desk costs as much as $5.00 USD, mechanisms involving automatic resets of forgotten passwords will be preferred. (And besides, for companies not having questions that they can ask about a user's transactional history, etc., how are they to confirm the identity of a user claiming a forgotten password?) So as long as that's the case, this wiki cheat sheet, as well as the related "Forgot Password" cheat sheet, will hopefully make this method of resetting passwords as secure as possible. What we really need to do is to replace passwords with stronger authentication mechanisms such as FIDO, etc., but that is something that will likely take many years to become mainstream.

-kevin