Groups | Search | Server Info | Login | Register

Groups > comp.misc > #23897

Re: Using SMS for password reset.

From Spiros Bousbouras <spibou@gmail.com>
Newsgroups comp.misc
Subject Re: Using SMS for password reset.
Date 2024-02-01 17:57 +0000
Organization To protect and to server
Message-ID <qOL3gzzw0FzYeF3s=@bongo-ra.co> (permalink)
References (1 earlier) <slrnurhkif.2h7.dan@djph.net> <L2PlxvxSHEVJx+H9A@bongo-ra.co> <slrnurkaop.2h7.dan@djph.net> <UKRnzwK2I7OBPZijg@bongo-ra.co> <slrnurnfea.2h7.dan@djph.net>

Show all headers | View raw

On Thu, 1 Feb 2024 15:48:43 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
> On 2024-01-31, Spiros Bousbouras wrote:
> > No , I am in the group of people who never memorised the password. 
> > [...]
> > In any case , I see now that I read in your post more than what you
> > intended. You said  "then what?"  and I interpreted that as suggesting
> > that we all need help from the website in retrieving passwords and
> > that's what I found especially presumptuous.
> 
> I actually figured you were taking issue with the second line; since
> it's the more explicit/direct statement that "everyone forgets the
> password".
> 
> For a bank or other "very public institution that is generally very easy
> to access", I can completely agree that "look, if/when you forget your
> web-access password, come to the nearest branch" is (probably) a better
> solution than a "forgot password" link and answering a couple of
> questions about my dog.

Yes , as long as the reminder option is safe enough (like personally go to
a building with ID) , I have no problem with it.

> But then, what about services that aren't "very public institutions that
> are generally very easy to access" (Netflix / Amazon / Google / CC
> Company / etc.)?
> 
> What would a viable "general" solution be?  Call them?  Email?  Too bad,
> create a new account?

I have already indicated that in  <L2PlxvxSHEVJx+H9A@bongo-ra.co> : "Very
often I have wished for sites to offer the option when creating an account to
disable any password reminders" .So when logged in , one would have access to
an account boolean setting which would be enable/disable password reminders.
If the user chooses "disable" and then forgets (or loses or whatever) their
password then that's it , they are locked out of their account forever and
ever. The site would offer appropriate warnings to that effect but ultimately
the user should have the option to disable reminders. If the user decides to
enable them , I don't have a view which would be the best method and I
haven't given it much thought because I would always choose to disable them.
(In a similar vein , I always choose for the site *not* to store credit card
information. How faithfully they implement this , I have no way of knowing)

-- 
Every theatre is an insane asylum, but an opera theatre is the
ward for the incurables.
  Franz Schalk

Back to comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 19:22 +1100
  Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-30 10:39 +0000
    Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 21:57 +1100
      Re: Using SMS for password reset. Bruce Horrocks <07.013@scorecrow.com> - 2024-02-06 23:47 +0000
        Re: Using SMS for password reset. "Kerr-Mudd, John" <admin@127.0.0.1> - 2024-02-07 10:31 +0000
        Re: Using SMS for password reset. Ian <gay@sfuu.ca> - 2024-02-07 15:03 -0800
    Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-30 14:33 +0000
      Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-30 16:38 +0100
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 13:39 -0300
        Re: Using SMS for password reset. Mike Spencer <mds@bogus.nodomain.nowhere> - 2024-01-30 19:56 -0400
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-31 17:57 -0300
      Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-31 11:10 +0000
        Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 22:34 +1100
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:16 +0000
        Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-31 12:06 +0000
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:48 +0000
            Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-02-01 17:57 +0000
  Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 16:39 +0000
  Re: Using SMS for password reset. newsmaster@ausics.net - 2024-01-31 07:02 +1000
  Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 09:45 +1100
    Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 23:39 +0000
      Re: Using SMS for password reset. Bob Eager <news0009@eager.cx> - 2024-01-31 00:10 +0000
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 22:30 -0300
        Re: Using SMS for password reset. kludge@panix.com (Scott Dorsey) - 2024-01-31 01:41 +0000
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 23:09 -0300
            Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-31 10:58 +0100
      Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 13:32 +1100

csiph-web