password recovery: is anyone happy?
05-08-2011, 01:04 PM
Post: #19
RE: password recovery: is anyone happy?
Hi again, we can surely rule out brute force attacks against dreamhost passwords. There are absolutely standard mechanisms for making those totally infeasible (for example, by slowing down repeated login attempts) and it would be unbelievably shocking if some such were not in place for dreamhost.

(Of course, I'm not going to test that, for obvious reasons. I hope someone knowledgeable can confirm it!)

I have to confess that as far as I can see, the rest of your remarks, though interesting, really don't bear on the problem in hand. If you could explain more clearly, that would be great. In particular, please consider the following:

(1) the security question mechanism (placed in between receipt of the email and the password revelation or re-set) defeats any automated attack, and if the user has chosen well, it also defeats any feasible human attack (in exactly the same way that a password does)

(2) forgetting the answer to the security question is obviously much rarer than forgetting a password ... after all, the whole point of the security question mechanism is that the question reminds the user of the answer ... so in those very few cases where a user has forgotten both their password and the answer to their security question, it is quite reasonable that they would have to resort to messaging directly with dreamhost support in order to re-establish their credentials (and this can be done through messaging, it does not need expensive phone support)

So unless I've missed something vital, or misunderstood something, my argument is unaltered.


Messages In This Thread
RE: password recovery: is anyone happy? - tomtavoy - 05-08-2011 01:04 PM
