password recovery: is anyone happy?
05-10-2011, 10:03 AM
RE: password recovery: is anyone happy?
Hi again ryo-ohki, thanks for your detailed and thoughtful reply.

There's an absolutely key point which it must be that I haven't expressed clearly enough, and which takes care of your points 1 and 4:

all the scenarios which I have outlined do not involve the user ever forgetting their password.

They work just the same with users who never ever forget their passwords.

Now, about your points 5 and 6: all of my scenarios involve either a prankster (who is creating some very local mayhem just for "fun") or a hacker (who is creating more general mayhem for whatever reason it is that motivates hackers).

I would concede that my prankster brother-in-law scenario is semi-ludicrous (and so is the Starbucks scenario I mentioned a few weeks ago); the thing is that I did not want to start talking about the serious hacker possibilities, and I hoped that by presenting those light-hearted scenarios in a jokey way I could get some kind of useful conversation going at a light-hearted level. Well, that failed, so I do have to talk about the hacker possibilities.

So regarding your points 5 and 6: the scenario is that M wants to create general mayhem without being the slightest bit concerned about the nature of the sites he is getting into, whether they be cat-picture sites or whatever.

(There is also the possibility that a hacker could go after a particular high-value site in this kind of way; I just mention that for completeness.)

Finally, about your points 2 and 3:

Point 2 I think is the best.

For example, if some knowledgeable person would like to argue that the risks have been assessed, and there is no real chance that dreamhost would be a target because there are so many bigger fish out there, then good.

My comment would be that this would be a very odd way of settling for a less-than-industry-standard level of security, but so be it. I would still be happy to be a dreamhost customer (for most of my websites).

Your point 3 is also valid as far as it goes, but it is not a good argument for not having security there in the first place!