If I Forget My Password Will AMPro Send It To Me?
In the words of Dr. Evil:
How about: NO!
It is frightening to see how many password systems make this gigantic mistake. You go to all sorts of trouble to secure your application, jumping through one hoop after another, building the perfectly ironclad little fortress... and when someone forgets a password (which happens all the time) you send it to them in the clear via email?
Can we find a less secure way to do that? Maybe sky-write it in the clouds, or run it every 1/2 hour on CNN?
AMPro will let a user who has authenticated themselves properly -- after receiving a special email at their inbox containing an encrypted, time-limited link and answering their top-secret, self-set security question -- *change* their password.
This gives the forgetful user a self-service, don't-bother-the-admin method of gaining immediate re-entry without creating a giant security hole in the process.
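One way to build the two-step check described above, added here as an illustration and not AMPro's own code. It swaps in an HMAC-signed token where the page says "encrypted", and the 15-minute lifetime, the PBKDF2 settings and all names (`SERVER_KEY`, `USERS`, `make_reset_token`, `verify_reset_token`, `may_change_password`) are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never emailed
TOKEN_TTL = 15 * 60                   # assumption: link is valid for 15 minutes

def _mac(payload: bytes, pw_hash: str) -> bytes:
    # Keying the MAC on the stored password hash makes the link single-use:
    # once the password changes, every outstanding link stops verifying.
    user_key = hmac.new(SERVER_KEY, pw_hash.encode(), hashlib.sha256).digest()
    return hmac.new(user_key, payload, hashlib.sha256).digest()

def hash_answer(answer: str, salt: bytes) -> bytes:
    # Security answers are low-entropy, so store them with a slow, salted hash.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

def make_reset_token(user_id: str, pw_hash: str, now: float) -> str:
    payload = f"{int(now) + TOKEN_TTL}|{user_id}".encode()
    parts = (payload, _mac(payload, pw_hash))
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)

def verify_reset_token(token: str, users: dict, now: float) -> Optional[str]:
    """Return the user id the link was issued for, or None if it is invalid."""
    try:
        payload, mac = (base64.urlsafe_b64decode(p) for p in token.split("."))
        expires, _, user_id = payload.decode().partition("|")
        expired = int(expires) < now
        pw_hash = users[user_id]["pw_hash"]
    except (ValueError, KeyError):
        return None  # malformed token or unknown user
    ok = hmac.compare_digest(mac, _mac(payload, pw_hash))
    return user_id if ok and not expired else None

def may_change_password(token: str, answer: str, users: dict, now: float) -> bool:
    # Both steps from the flow above: the emailed link AND the security answer.
    user_id = verify_reset_token(token, users, now)
    if user_id is None:
        return False
    rec = users[user_id]
    return hmac.compare_digest(hash_answer(answer, rec["salt"]), rec["answer_hash"])

# Constructed sample record (not real data): one user with stored hashes.
USERS = {"alice": {"pw_hash": "constructed-hash-v1", "salt": b"constructed-salt",
                   "answer_hash": hash_answer("Rex", b"constructed-salt")}}
```

The old password never appears anywhere in this flow; the server only decides whether the caller may set a new one.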