Fabio,

If you implement a password recovery feature, that would email the new password to the user. That does no good if they don't have access to their email account.

We probably do want an alternate email that can be used for these situations.

Chris

On May 30, 2012 3:41 AM, "Fabio M. Di Nitto" <fdinitto@redhat.com> wrote:
On 5/29/2012 11:45 PM, Andre Robatino wrote:
> Kevin Fenzi <kevin@...> writes:
>
>> I think adding a 'security question(s)' feature would be great.
>>
>> I would strongly suggest however that the questions and answers be free
>> form. There's little security in canned security questions that have
>> answers people can find out, i.e., 'What was your high school?'
>
> I just use a password manager and if a site forces me to answer "security"
> questions, I put them in the Notes section using strong random passwords for the
> answers. For example
>
> What was your high school? 48ZGrNaDQR75
>
> I think the security questions should be optional in any case to save the
> trouble of having to make and store several strong random passwords rather than
> just one.

Or maybe have primary (company?) email and private email registered.

Instead of re-inventing a whole new chunk of code by introducing a
security question and all, simply allow 2 emails to be valid at any
given time.

Fabio
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure