Difference between revisions of "Talk:Forgot Password Cheat Sheet"

From OWASP
Jump to: navigation, search
(reference papers on challenge questions)
 
(Logging: new section)
Line 3: Line 3:
  
 
[http://cups.cs.cmu.edu/soups/2009/proceedings/a9-schechter.pdf 1+1=You]
 
[http://cups.cs.cmu.edu/soups/2009/proceedings/a9-schechter.pdf 1+1=You]
 +
 +
== Logging ==
 +
 +
I'm surprised to see that logging isn't a consideration in password reset functionality.  Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.

Revision as of 14:02, 2 September 2015

Needs revision based on [http://cups.cs.cmu.edu/soups/2009/proceedings/a8-just.pdf Personal Choice and Challenge Questions: A Security and Usability Assessment]

1+1=You

Logging

I'm surprised to see that logging isn't a consideration in password reset functionality. Knowing that users attempted a password reset, whether the reset was successful or failed, recording details of reset sessions including IP address and other details would all seem like great suggestions.