At 11:10 19/03/2007, you wrote:
2007/3/19, Ian Tresman <it(a)knowledge.co.uk>uk>:
And another option would be for the person to
enter their own valid
email address, which needs validating before the password is sent out
to the password-associated email address?
Emmm... No, that wouldn't work. To validate the e-mail address, we need to
send a message to that e-mail address, so the person could cause the same
kind of trouble by hitting the button to validate your address.
I'm trying to think of a method which would (a) introduce a time
delay between password reminder requests (b) make it a hassle to
request it frequently.
How about for people who press the "E-mail password button":
1. Present a block of nine random 5-letter text blocks, and ask the
user to enter from word block M (0 < M < 10), the Nth letter (0 < N <
6. And do this three times. I think people would get bored having to
do this each time. eg.
HIWPS PEQXX PFLEE PEDLX POSLN DOWWS DWEZI EODSW EPLDK
a. Enter from block 6 the 3rd letter
b. Enter from block 2 the 5th letter
c. Enter from block 8 the 2nd letter [...]
Regards,
Ian