2007/4/29, Thomas Dalton <thomas.dalton(a)gmail.com>om>:
should be more user friendly than that. No need for us to act like
Do you have a suggestion for how to handle it? If we can't confirm
someone's identity, we can't give them access to the account, however
friendly we may be.
Well, to make the request one would have to know that it's an account
that is hit by the measure. That means that either one knows the
password is equal to the login name, or one has guessed it. In the
first case they are the correct person. In the second case, they
basically have done some password cracking, which even with an easy
password is not a trivial thing. I would say that for an active
account, if there is only one request within a reasonable timespan, it
would be safe to assume it comes from the user him/herself. For
inactive accounts I would say "too bad, get a new one."
Andre Engels, andreengels(a)gmail.com
ICQ: 6260644 -- Skype: a_engels