I just came across Password Reset Survey which does a short review of how the password reset is handled on a number of major sites*. It's worth reading, but here is the conclusion:
"There isn't a clear conclusion to draw here - sites do things differently, and in some cases have what seem to be pretty easily breakable password reset mechanisms. I'd imagine that all of these mechanisms work well enough - the cost of breakins is less than the cost of making things more secure and difficult for users. But I'd encourage people to think of ways that the password reset process could be made more secure and usable so that sites could rally around a better mechanism."
I have also mentioned the following academic paper before:
When developing your online application, you need to think about how you are going to handle the forgotten password mechanism.
*The sites reviewed are:
Google, Yahoo, Microsoft (Hotmail, Live etc), Apple, Facebook, Twitter, MySpace, LinkedIn, Amazon, Ebay, Craigslist, Paypal, Wikipedia
Great post. My own experience is that although the mechanics of Entity Authentication are quite simple, the business processes that surround it (enrolment, account validation, password reset, etc) can lead to some complicated workflows, and some hidden gotchas.
You make sense of the most complex topics.
I can set up my new idea from this post. It gives in-depth information. Thanks for this valuable information for all.
Good website! I truly love how easy on the eyes it is. I am wondering how I might be notified whenever a new post has been made. I have subscribed to your RSS, which may do the trick? Have a great day!
Amazing post! I appreciate your hard work. Thank you for sharing. I have also shared some useful information.
Glad I stumbled upon this blog; the content is very informative. Thanks for sharing such a piece of knowledge with us.