Home page logo
/

basics logo Security Basics mailing list archives

How secure is Email based password reset?
From: Shekhar Jha <shekhar-jha () usa net>
Date: Wed, 07 May 2003 10:18:56 -0400

One of the ways to implement the password reset is to
1. Ask the personal question
2. if correctly answered, generates a unique temporary password
3. Send the password over email to user.
4. This would allow user to login once.

My query is regarding sending the password over email to user. How secure is
it? Given that,
1. The Server would be delivering the password email to an Internet Service
Provider.
2. The user would typically be online waiting for the password emal to
arrive.
3. The password would be invalid after the first use.
How valid are these assumptions?

Any other pointers about different way of re-setting the password would be
helpful.



---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]