User talk:Douglasheld

From Jim: I brought the HTTP Response splitting page back. I am fully deleting the CLASP and other old projects from the wiki - so I removed those categories form the page when I brought it back.

If you see anything else that I deleted (and I deleted a lot) that needs to be brought back, let me know via jim@owasp.org.

Comments left on "Choosing and Using Security Questions Cheat Sheet"
Douglas,

Regarding your comment. For the most part, but unfortunately I don't see this changing anytime soon. It is likely to be around as long as passwords are still used, some people will forget their passwords. And since by some accounts a call to the help desk costs as much as $5.00 USD, mechanisms involving automatic resets of forgotten passwords will be preferred. (And besides, for companies not having questions that they can ask about a user's transactional history, etc., how are they to confirm the identity of a user claiming a forgotten password?) So as long as that's the case, this a wiki cheat sheet as well as the related "Forgot Password" cheat sheet will hopefully make this method of resetting passwords as secure as possible. What we really need to do is to replace passwords with stronger authentication mechanisms such as FIDO, etc. but that is something that likely will take many years to become mainstream.

-kevin