At 11:10 19/03/2007, you wrote:
>2007/3/19, Ian Tresman <it(a)knowledge.co.uk>:
>
> > And another option would be for the person to enter their own valid
> > email address, which needs validating before the password is sent out
> > to the password-associated email address?
>
>
>Emmm... No, that wouldn't work. To validate the e-mail address, we need to
>send a message to that e-mail address, so the person could cause the same
>kind of trouble by hitting the button to validate your address.

I'm trying to think of a method which would (a) introduce a time
delay between password reminder requests (b) make it a hassle to
request it frequently.

How about for people who press the "E-mail password button":

1. Present a block of nine random 5-letter text blocks, and ask the
user to enter from word block M (0 < M < 10), the Nth letter (0 < N <
6). And do this three times. I think people would get bored having to
do this each time. e.g.
HIWPS PEQXX PFLEE PEDLX POSLN DOWWS DWEZI EODSW EPLDK
a. Enter from block 6 the 3rd letter
b. Enter from block 2 the 5th letter
c. Enter from block 8 the 2nd letter [...]
Regards,
Ian
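
The letter-block challenge proposed above, combined with the per-account delay from point (a), as an added example that is not part of the original message. The 15-minute interval, the function names and the `ReminderGate` class are assumptions made for illustration.

```python
import hmac
import secrets
import string
import time

BLOCKS, BLOCK_LEN, QUESTIONS = 9, 5, 3
MIN_INTERVAL = 15 * 60  # assumption: seconds between reminders per account

def new_challenge(rng=secrets.SystemRandom()):
    """Return (blocks, questions); each question is a 1-based (block M, letter N)."""
    blocks = ["".join(rng.choice(string.ascii_uppercase) for _ in range(BLOCK_LEN))
              for _ in range(BLOCKS)]
    questions = [(rng.randint(1, BLOCKS), rng.randint(1, BLOCK_LEN))
                 for _ in range(QUESTIONS)]
    return blocks, questions

def expected_answer(blocks, questions):
    """Concatenate the requested letters in question order."""
    return "".join(blocks[m - 1][n - 1] for m, n in questions)

def check_answer(blocks, questions, answer):
    """Case-insensitive, constant-time comparison of the user's letters."""
    given = answer.strip().upper().encode()
    return hmac.compare_digest(given, expected_answer(blocks, questions).encode())

class ReminderGate:
    """Decides whether a password reminder e-mail may be sent for an account."""

    def __init__(self, min_interval=MIN_INTERVAL, clock=time.monotonic):
        self.min_interval = min_interval
        self.clock = clock
        self._last_sent = {}  # account -> time of last reminder actually sent

    def request(self, account, blocks, questions, answer):
        # blocks/questions must come from server-side session state,
        # never from the submitted form, or the client could choose them.
        now = self.clock()
        last = self._last_sent.get(account)
        if last is not None and now - last < self.min_interval:
            return "too_soon"        # delay applies even to a correct answer
        if not check_answer(blocks, questions, answer):
            return "wrong_answer"    # caller should issue a fresh challenge
        self._last_sent[account] = now
        return "send"
```

The delay is keyed on the target account rather than on the requester, so it limits how often the account owner can be mailed regardless of who presses the button.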