Tuesday 3 August 2010

Forgotten Password Mechanisms....again

In a previous blog entry I gave my 2 cents worth on what to think about when handling the "Forgotten Password" mechanism in online applications.

I just came across Password Reset Survey which does a short review of how the password reset is handled on a number of major sites*. It's worth reading, but here is the conclusion:

"There isn't a clear conclusion to draw here - sites do things differently, and in some cases have what seem to be pretty easily breakable password reset mechanisms. I'd imagine that all of these mechanisms work well enough - the cost of breakins is less than the cost of making things more secure and difficult for users. But I'd encourage people to think of ways that the password reset process could be made more secure and usable so that sites could rally around a better mechanism."

I have also mentioned the following academic paper before:

When developing your online application, you need to think about how you are going to handle the forgotten password mechanism.
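As an added example (not code from the original post, nor from any of the sites the survey looked at), here is one way to handle the reset-token part of a forgotten-password flow so that it avoids the "easily breakable" failure modes the survey alludes to: the token comes from the OS random source, only its hash is stored, it expires after a short window, it is compared in constant time, and it can be redeemed exactly once. The in-memory store, the e-mail addresses and the 15-minute lifetime are assumptions made for the example; a real application would keep the hashed token and expiry in its database next to the account.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory store for the example: email -> (sha256 hex of token, expiry epoch).
# A real application would keep this in its database alongside the account record.
_pending_resets: Dict[str, Tuple[str, float]] = {}

# Assumed lifetime: a short window limits how long a leaked or guessed link stays usable.
TOKEN_TTL_SECONDS = 15 * 60


def _hash_token(token: str) -> str:
    # Only the hash is persisted, so a database leak does not hand out live reset tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(email: str, now: Optional[float] = None) -> str:
    """Create a single-use reset token for the account and return the raw token
    (the value that would go into the e-mailed reset link). Only its hash is stored,
    and issuing a new token replaces any earlier outstanding one for the account."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not a PRNG or a timestamp
    _pending_resets[email] = (_hash_token(token), now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(email: str, presented: str, now: Optional[float] = None) -> bool:
    """Return True exactly once for a valid, unexpired token; False in every other case."""
    now = time.time() if now is None else now
    record = _pending_resets.get(email)
    if record is None:
        return False  # no outstanding reset for this account
    stored_hash, expires_at = record
    if now > expires_at:
        _pending_resets.pop(email, None)  # expired tokens are discarded, never honoured late
        return False
    # Compare hashes in constant time so the check does not leak how much of the token matched.
    if not hmac.compare_digest(stored_hash, _hash_token(presented)):
        return False  # wrong token; the outstanding one stays valid until it expires
    _pending_resets.pop(email, None)  # single use: consumed on the first successful redemption
    return True


if __name__ == "__main__":
    # Constructed walk-through with a fixed clock so the behaviour is reproducible.
    t0 = 1_000_000.0
    token = issue_reset_token("alice@example.com", now=t0)
    print("wrong token accepted?", redeem_reset_token("alice@example.com", "not-the-token", now=t0 + 1))
    print("right token accepted?", redeem_reset_token("alice@example.com", token, now=t0 + 2))
    print("replayed token accepted?", redeem_reset_token("alice@example.com", token, now=t0 + 3))
    late = issue_reset_token("bob@example.com", now=t0)
    print("expired token accepted?", redeem_reset_token("bob@example.com", late, now=t0 + TOKEN_TTL_SECONDS + 1))
```

The two properties worth checking in any reset flow are visible in `redeem_reset_token`: a token that has been used once, or that has passed its expiry, is never accepted again, and a wrong guess does not reveal anything about the right value. The secret-question and e-mail-delivery parts of the flow that the survey criticises sit outside this function and still need their own design.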

*The sites reviewed are:
Google, Yahoo, Microsoft (Hotmail, Live etc), Apple, Facebook, Twitter, MySpace, LinkedIn, Amazon, Ebay, Craigslist, Paypal, Wikipedia

  1. Great post. My own experience is that although the mechanics of Entity Authentication are quite simple, the business processes that surround it (enrolment, account validation, password reset, etc) can lead to some complicated workflows, and some hidden gotchas.
