Harrassment Using the Password Recovery Control

[clintonG]

When the password is hashed and most secure this control mails a new
password to anybody that provides an authenticated user name. The previous
password can no longer be used to login. The newly "recovered" password must
be used to login and then the user must change the newly generated password
back to what may be a preferred password.

Know anybody you want to harrass? Simply enter their user name into an
ASP.NET 2.0 Password Recovery control.


<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/

 

[Simon Smith]

When the password is hashed and most secure this control mails a new
password to anybody that provides an authenticated user name. The previous
password can no longer be used to login. The newly "recovered" password must
be used to login and then the user must change the newly generated password
back to what may be a preferred password.

Know anybody you want to harrass? Simply enter their user name into an
ASP.NET 2.0 Password Recovery control.


<%= Clinton Gallagher

And this makes it different from 99% of all known 'Forgotten your password?'
promts on the web in which way?

 

[Galcho[MCSD.NET]]

This is where secret question/answer combination helps. User must know
secret answer too

I hope this helps
Galin Iliev[MCSD.NET]
www.galcho.com

 

[Simon Smith]

This is where secret question/answer combination helps. User must know
secret answer too

I hope this helps
Galin Iliev[MCSD.NET]
www.galcho.com

OK, I apologize: it's not 99%, it's 90%.

--
Simon

BTW - if you quoted messages you answer, people might know what you're
talking about. I just took a swag that you were answering my earlier reply.
Since you didn't provide a secret question/answer combination then this

 

[clintonG]

It looks that way doesn't it? But I wonder how many have or are implementing
that template.

<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/