What's the security point in it when everybody asks for reset?
Its cause people do not properly use it. Be smart and make it something you remember and keep track of your account details have a file on a usb stick or a little book with them in it. I made the mistake before and learned from it.
What's the security point in it when everybody asks for reset?
Its cause people do not properly use it. Be smart and make it something you remember and keep track of your account details have a file on a usb stick or a little book with them in it. I made the mistake before and learned from it.
I think his point was more along the lines of if admin will reset the security feature without requiring some sort of proof of identity, there is no real security behind the mechanism. I've thought this too...like if someone were to create a new, free account and say hey, this is Wrythe1985...I forgot my security question to reset my password can you clear it? What type of user authentication/identification checks are admins making against the supposed free user account? Typically larger companies require some sort of copy of a personal ID, like a driver's license/state-issued ID but that brings up legal questions about privacy and whatnot that you'd need a lawyer to assist with...you might get away with verifying an accounts' IP address but that's provided the IPs are recorded and tied to the accounts and that the user doesn't change their IP...not to mention IP spoofing...I don't know how the trainer authentication works, but perhaps there is a way to verify users' identities in a similar way unless the trainer auth is tied to the account regardless of any real uniquely identifying characteristics...
Important Board Topics
Trending Topics